
2015-11-25 19:58:56,897 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: [username: atikah.amalina]
WHAT: TGT-34940-69tJ3rxAhT4zKp3UD0bsag4k3H5Mc7oanwzdoHZbRKmarbzcfv-sso.ui.ac.id
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Nov 25 19:58:56 WIB 2015
CLIENT IP ADDRESS: 36.84.70.202
SERVER IP ADDRESS: 127.0.0.1
=============================================================
2015-11-25 19:58:56,958 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] Granted service ticket [ST-53764-tbPXhFceimkOCcnUrvHo-sso.ui.ac.id] for service
[http://remote-lib.ui.ac.id/login] for user [atikah.amalina]
############################################################################
Pattern grok 1:
%{TIMESTAMP_ISO8601:time} %{WORD:event_method} \[%{NOTSPACE:package_service}\] %{GREEDYDATA:event_status}\n([=]*)\nWHO: \[username\: %{USERNAME:who}\]\nWHAT: %{NOTSPACE:what}\nACTION: %{NOTSPACE:action}\nAPPLICATION: %{NOTSPACE:application}\nWHEN: %{DATESTAMP_OTHER:when}\nCLIENT IP ADDRESS: %{IP:client_ip}\nSERVER IP ADDRESS: %{IP:server_ip}\n([=]*)
(The audit record spans several physical lines, so this pattern only works once the multiline codec in the config below has folded the record into a single message. Note that `what` captures the raw TGT identifier, which CAS uses as the user's session credential while the ticket is live — treat any index holding these events as sensitive.)
support pattern grok 1:
TZ (?:[PMCEW][SDI]B|T[A]|UTC|)
add field grok 1:
event_type = request
remove field grok 1:
YEAR, MONTHNUM, MONTHDAY, HOUR, MINUTE, SECOND, ISO8601_TIMEZONE, DAY, MONTH, TIME, IPV6, IPV4
considered field grok 1:
TZ (timezone) — the stock grok `TZ` pattern only admits US zone abbreviations and UTC, so the override above (which adds `WIB`) is required for the WHEN line; without it `DATESTAMP_OTHER` fails and the whole record ends up tagged `_grokparsefailure`.

Pattern grok 2:
%{TIMESTAMP_ISO8601:time} %{WORD:event_method} \[%{NOTSPACE:service_package}\] %{GREEDYDATA:event_status} \[%{NOTSPACE:what}\] for service \[%{URI:service_address}\] for user \[%{USERNAME:username}\]
(Field names differ from pattern 1 — `service_package`/`username` here versus `package_service`/`who` there — so searches across both event types must account for both names.)
add field grok 2:
event_type = response
remove field grok 2:
YEAR, MONTHNUM, MONTHDAY, HOUR, MINUTE, SECOND, ISO8601_TIMEZONE, URIPROTO, URIHOST, IPORHOST, HOSTNAME, IP, IPV4, IPV6, port, URIPATHPARAM, URIPATH, URIPARAM
############################ Config FILE ###################################
input {
  file {
    path => "/var/log/messages.log"
    type => "sso"
    # A CAS audit record spans several physical lines, and only its first line
    # starts with an ISO-8601 timestamp. Every line that does NOT match the
    # pattern is folded into the preceding event, so the grok filter downstream
    # receives one message per record.
    codec => multiline {
      pattern => "^%{TIMESTAMP_ISO8601}"
      negate => true
      what => "previous"
    }
  }
}
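filter {
  if [type] == "sso" {
    grok {
      # Custom patterns live here; the TZ override that admits "WIB" must be in
      # this directory or DATESTAMP_OTHER cannot parse the WHEN line.
      patterns_dir => "/var/lib/logstash/etc"
      # Two alternatives for the same field, tried in order. The original used
      # `match => [ "message" => ..., "message" => ... ]`, which mixes array and
      # hash syntax and repeats the key, so at most one pattern could ever apply.
      match => {
        "message" => [
          # Audit-trail record (multi-line, already joined by the multiline codec).
          # NOTE: `what` holds the raw TGT identifier, which CAS uses as the
          # user's session credential while the ticket is live; the index that
          # stores these events must be access-controlled accordingly.
          "%{TIMESTAMP_ISO8601:time} %{WORD:event_method} \[%{NOTSPACE:package_service}\] - %{GREEDYDATA:event_status}\n([=]*)\nWHO: \[username\: %{USERNAME:who}\]\nWHAT: %{NOTSPACE:what}\nACTION: %{NOTSPACE:action}\nAPPLICATION: %{NOTSPACE:application}\nWHEN: %{DATESTAMP_OTHER:when}\nCLIENT IP ADDRESS: %{IP:client_ip}\nSERVER IP ADDRESS: %{IP:server_ip}\n([=]*)",
          # Service-ticket grant (single line). The sample log has no " - " after
          # the logger name here, so the separator the original required would
          # have made this pattern never match.
          "%{TIMESTAMP_ISO8601:time} %{WORD:event_method} \[%{NOTSPACE:service_package}\] %{GREEDYDATA:event_status} \[%{NOTSPACE:what}\] for service \[%{URI:service_address}\] for user \[%{USERNAME:username}\]"
        ]
      }
      # Lines matching neither pattern keep grok's default `_grokparsefailure`
      # tag; alert on a rising count of it, since a silently broken parser is a
      # blind spot for any detection built on these events.
    }
    # Promote the log's own timestamp to @timestamp so events are ordered by when
    # they happened rather than when they were ingested. The sample records are
    # stamped in WIB (UTC+7), i.e. Asia/Jakarta.
    date {
      match => [ "time", "yyyy-MM-dd HH:mm:ss,SSS" ]
      timezone => "Asia/Jakarta"
    }
    # Grok emits the client address as "client_ip"; the original looked up
    # "clientip", a field that never exists, so no geo data was ever attached.
    if [client_ip] {
      geoip {
        source => "client_ip"
        target => "geoip"
        database => "/etc/logstash/GeoLiteCity.dat"
        # Repeating add_field on one key appends, producing [lon, lat] — the order
        # a geo_point array expects. Keys must be quoted; the original's bare
        # `[geoip][coordinates]` does not parse.
        add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
        add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
      }
      # The sprintf'd coordinates are strings; convert so they map as numbers.
      mutate {
        convert => [ "[geoip][coordinates]", "float" ]
      }
    }
  }
}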
output{
# No destination is configured: every event parsed above is discarded here.
# Presumably an elasticsearch output (or stdout { codec => rubydebug } while
# developing the patterns) was intended — confirm before deploying.
}
