Skip to content

Instantly share code, notes, and snippets.

@aleem-99

aleem-99/vpc-flowlog

Forked from brandond/vpc-flowlog
Created July 7, 2018 19:24
Show Gist options
  • Save aleem-99/7d85ca75241c9228e579c07af80fea29 to your computer and use it in GitHub Desktop.
Save aleem-99/7d85ca75241c9228e579c07af80fea29 to your computer and use it in GitHub Desktop.
Download ZIP
logstash-grok-pattern-vpc-flow-log
Raw
vpc-flowlog
# VPC Flow Log fields
# version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
# http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html#flow-log-records
VPCFLOWLOG %{NUMBER:version:int} %{NUMBER:account-id} %{NOTSPACE:interface-id} %{NOTSPACE:srcaddr} %{NOTSPACE:dstaddr} %{NOTSPACE:srcport:int} %{NOTSPACE:dstport:int} %{NOTSPACE:protocol:int} %{NOTSPACE:packets:int} %{NOTSPACE:bytes:int} %{NUMBER:start:int} %{NUMBER:end:int} %{NOTSPACE:action} %{NOTSPACE:log-status}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment