...
Code Block | ||
---|---|---|
| ||
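# RADIUS log pipeline.
# Receives events on the internal pipeline address "radiuslogs", extracts a
# fixed set of RADIUS attributes from the raw line, and replaces the client
# identifiers (Calling-Station-Id, Framed-IP-Address) with keyed hashes
# before the event is written out.
input {
  pipeline {
    address => radiuslogs
  }
}

filter {
  # Flatten the multi-line record: every run of newlines/tabs becomes one space.
  mutate {
    gsub => [ "message", "[\n\t]+", " " ]
  }

  # Keep only the attributes listed here; all other keys in the line are ignored.
  kv {
    allow_duplicate_values => false
    include_keys => [
      "Calling-Station-Id",
      "Framed-IP-Address",
      "Timestamp",
      "Called-Station-Id",
      "NAS-IP-Address",
      "Acct-Status-Type"
    ]
  }

  # Drop the raw line unconditionally. A remove_field placed inside kv is only
  # applied when kv succeeds and finds at least one key, so a record that did
  # not parse would otherwise reach the output with the unhashed identifiers
  # still present in "message".
  mutate {
    remove_field => [ "logtype", "message", "@version" ]
  }

  if "beats_input_codec_plain_applied" in [tags] {
    mutate {
      remove_tag => ["beats_input_codec_plain_applied"]
    }
  }

  # Geolocate the NAS (the access device), not the client.
  # NOTE(review): where ECS compatibility is enabled, geoip may need an
  # explicit `target` for a source field named like this - confirm against
  # the deployed Logstash version.
  geoip {
    source => "NAS-IP-Address"
  }

  # Pseudonymise the client identifiers in place (target == source).
  # With `key` set, the fingerprint filter computes a keyed hash (HMAC) using
  # the chosen method. The key is resolved from ${cipherfingerprint_key}
  # (environment variable or Logstash keystore).
  # MAC and IPv4 address spaces are small enough to enumerate, so the
  # pseudonyms are only as strong as the secrecy of that key.
  # NOTE(review): the hash covers the string exactly as logged; if these
  # values must match hashes of the same address produced elsewhere, case and
  # separators have to be normalised first - confirm.
  fingerprint {
    key    => "${cipherfingerprint_key}"
    method => "SHA512"
    source => "Calling-Station-Id"
    target => "Calling-Station-Id"
  }

  fingerprint {
    key    => "${cipherfingerprint_key}"
    method => "SHA512"
    source => "Framed-IP-Address"
    target => "Framed-IP-Address"
  }
}

# Prints each processed event to Logstash's stdout. NAS-IP-Address,
# Called-Station-Id and the geoip result are still in clear text at this point.
output {
  stdout {
    codec => rubydebug
  }
}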
...
Code Block | ||
---|---|---|
| ||
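# DHCP log pipeline.
# Receives events on the internal pipeline address "dhcplogs", pulls the
# leased IP and the client MAC out of DHCPACK lines, and replaces both with
# keyed hashes before the event is written out.
input {
  pipeline {
    address => dhcplogs
  }
}

filter {
  # Only lines of the form "... DHCPACK on <ip> to <mac> ..." match; the two
  # empty %{} skip the text before and after. Lines that do not match are
  # tagged by dissect (default tag: _dissectfailure) and get no ip/mac fields.
  dissect {
    mapping => {
      "message" => "%{} DHCPACK on %{ip} to %{mac} %{}"
    }
  }

  # Drop the raw line unconditionally. A remove_field placed inside dissect is
  # only applied on a successful match, so every non-matching DHCP line would
  # otherwise reach the output with its clear-text IP and MAC still in
  # "message".
  mutate {
    remove_field => [ "logtype", "message", "@version" ]
  }

  if "beats_input_codec_plain_applied" in [tags] {
    mutate {
      remove_tag => ["beats_input_codec_plain_applied"]
    }
  }

  # Pseudonymise both identifiers in place (target == source).
  # With `key` set, the fingerprint filter computes a keyed hash (HMAC) using
  # the chosen method. The key is resolved from ${cipherfingerprint_key}
  # (environment variable or Logstash keystore).
  # MAC and IPv4 address spaces are small enough to enumerate, so the
  # pseudonyms are only as strong as the secrecy of that key.
  # NOTE(review): the hash covers the string exactly as logged; if these
  # values must match hashes of the same address produced elsewhere, case and
  # separators have to be normalised first - confirm.
  fingerprint {
    key    => "${cipherfingerprint_key}"
    method => "SHA512"
    source => "ip"
    target => "ip"
  }

  fingerprint {
    key    => "${cipherfingerprint_key}"
    method => "SHA512"
    source => "mac"
    target => "mac"
  }
}

# Prints each processed event to Logstash's stdout.
output {
  stdout {
    codec => rubydebug
  }
}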
...