Added NGINX data connector
This commit is contained in:
Родитель
326b46c43d
Коммит
3ad4d0f0bb
@ -0,0 +1,13 @@
|
|||
{
|
||||
"Name": "NGINX_CL",
|
||||
"Properties": [
|
||||
{
|
||||
"Name": "TimeGenerated",
|
||||
"Type": "DateTime"
|
||||
},
|
||||
{
|
||||
"Name": "RawData",
|
||||
"Type": "String"
|
||||
}
|
||||
]
|
||||
}
|
|
@ -0,0 +1,149 @@
|
|||
{
|
||||
"id": "NGINX HTTP Server",
|
||||
"title": "NGINX HTTP Server",
|
||||
"publisher": "Nginx",
|
||||
"descriptionMarkdown": "NGINX HTTP Server data connector provides the capability to ingest [NGINX HTTP Server](https://nginx.org/en/) events into Azure Sentinel. Refer to [NGINX Logs documentation](https://nginx.org/en/docs/http/ngx_http_log_module.html) for more information.",
|
||||
"additionalRequirementBanner": "This data connector depends on a parser based on Kusto Function to work as expected. Follow the steps to use this Kusto Function alias **NGINXHTTPServer** in queries and workbooks. [Follow steps to get this Kusto Function>](https://github.com/Azure/Azure-Sentinel/blob/master/Parsers/NGINX/NGINXHTTPServer.txt)",
|
||||
"graphQueries": [
|
||||
{
|
||||
"metricName": "Total data received",
|
||||
"legend": "NGINX Events",
|
||||
"baseQuery": "NGINXHTTPServer"
|
||||
}
|
||||
],
|
||||
"sampleQueries": [
|
||||
{
|
||||
"description" : "Top 10 Clients (Source IP)",
|
||||
"query": "NGINXHTTPServer\n | summarize count() by SrcIpAddr\n | top 10 by count_"
|
||||
}
|
||||
],
|
||||
"dataTypes": [
|
||||
{
|
||||
"name": "NGINX_CL",
|
||||
"lastDataReceivedQuery": "NGINXHTTPServer\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
|
||||
}
|
||||
],
|
||||
"connectivityCriterias": [
|
||||
{
|
||||
"type": "IsConnectedQuery",
|
||||
"value": [
|
||||
"NGINXHTTPServer\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
|
||||
]
|
||||
}
|
||||
],
|
||||
"availability": {
|
||||
"status": 1
|
||||
},
|
||||
"permissions": {
|
||||
"resourceProvider": [
|
||||
{
|
||||
"provider": "Microsoft.OperationalInsights/workspaces",
|
||||
"permissionsDisplayText": "write permission is required.",
|
||||
"providerDisplayName": "Workspace",
|
||||
"scope": "Workspace",
|
||||
"requiredPermissions": {
|
||||
"write": true,
|
||||
"delete": true
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"instructionSteps": [
|
||||
{
|
||||
"title": "",
|
||||
"description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected. [Follow these steps](https://github.com/Azure/Azure-Sentinel/blob/master/Parsers/NGINX/NGINXHTTPServer.txt) to create the Kusto Functions alias, **NGINXHTTPServer**",
|
||||
"instructions": [
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "1. Install and onboard the agent for Linux or Windows",
|
||||
"description": "Install the agent on the NGINX HTTP Server where the logs are generated.\n\n> Logs from NGINX HTTP Server deployed on Linux or Windows servers are collected by **Linux** or **Windows** agents.",
|
||||
"instructions": [
|
||||
{
|
||||
"parameters": {
|
||||
"title": "Choose where to install the Linux agent:",
|
||||
"instructionSteps": [
|
||||
{
|
||||
"title": "Install agent on Azure Linux Virtual Machine",
|
||||
"description": "Select the machine to install the agent on and then click **Connect**.",
|
||||
"instructions": [
|
||||
{
|
||||
"parameters": {
|
||||
"linkType": "InstallAgentOnLinuxVirtualMachine"
|
||||
},
|
||||
"type": "InstallAgent"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Install agent on a non-Azure Linux Machine",
|
||||
"description": "Download the agent on the relevant machine and follow the instructions.",
|
||||
"instructions": [
|
||||
{
|
||||
"parameters": {
|
||||
"linkType": "InstallAgentOnLinuxNonAzure"
|
||||
},
|
||||
"type": "InstallAgent"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"type": "InstructionStepsGroup"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"instructions": [
|
||||
{
|
||||
"parameters": {
|
||||
"title": "Choose where to install the Windows agent:",
|
||||
"instructionSteps": [
|
||||
{
|
||||
"title": "Install agent on Azure Windows Virtual Machine",
|
||||
"description": "Select the machine to install the agent on and then click **Connect**.",
|
||||
"instructions": [
|
||||
{
|
||||
"parameters": {
|
||||
"linkType": "InstallAgentOnVirtualMachine"
|
||||
},
|
||||
"type": "InstallAgent"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Install agent on a non-Azure Windows Machine",
|
||||
"description": "Download the agent on the relevant machine and follow the instructions.",
|
||||
"instructions": [
|
||||
{
|
||||
"parameters": {
|
||||
"linkType": "InstallAgentOnNonAzure"
|
||||
},
|
||||
"type": "InstallAgent"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"type": "InstructionStepsGroup"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "2. Configure the logs to be collected",
|
||||
"description": "Configure the custom log directory to be collected" ,
|
||||
"instructions": [
|
||||
{
|
||||
"parameters": {
|
||||
"linkType": "OpenAdvancedWorkspaceSettings"
|
||||
},
|
||||
"type": "InstallAgent"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "",
|
||||
"description":"1. Select the link above to open your workspace advanced settings \n2. From the left pane, select **Data**, select **Custom Logs** and click **Add+**\n3. Click **Browse** to upload a sample of a NGINX HTTP Server log file (e.g. access.log or error.log). Then, click **Next >**\n4. Select **New line** as the record delimiter and click **Next >**\n5. Select **Windows** or **Linux** and enter the path to NGINX HTTP logs based on your configuration. Example: \n - **Linux** Directory: '/var/log/nginx/*.log' \n6. After entering the path, click the '+' symbol to apply, then click **Next >** \n7. Add **NGINX_CL** as the custom log Name and click **Done**"
|
||||
}
|
||||
]
|
||||
}
|
|
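Review bot: The final setup step (step 5 in the last instruction description) tells the user to pick **Windows** or **Linux** but only gives a Linux directory example, so a Windows deployment gets no path guidance; add a Windows line beside it, e.g. `\n - **Windows** Directory: '<nginx-install-dir>\\logs\\*.log'` (constructed placeholder — substitute the documented default). The `requiredPermissions` block asks for `"delete": true` as well as `"write": true`; if the custom-log setup flow only needs write, dropping delete keeps the requested workspace permission set minimal (verify against what the portal flow actually requires before changing it). Spacing around the colon is inconsistent across the file — `"description" :` in sampleQueries, `"description": "..." ,` in step 2 and `"description":"1.` in the last step — which one formatter pass would normalise to `"description": "...",`.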
@ -0,0 +1,55 @@
|
|||
// Usage Instruction :
|
||||
// Paste below query in log analytics, click on Save button and select as Function from drop down by specifying function name and alias as NGINXHTTPServer.
|
||||
// Function usually takes 10-15 minutes to activate. You can then use function alias from any other queries (e.g. NGINXHTTPServer | take 10).
|
||||
// Reference : Using functions in Azure monitor log queries : https://docs.microsoft.com/azure/azure-monitor/log-query/functions
|
||||
let nginx_accesslog_events =() {
|
||||
NGINX_CL
|
||||
| where RawData matches regex @'(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*\[.*\]\s\"(GET|POST).*?\"\s([1-5][0-9]{2})\s(\d+)\s\"(.*?)\"\s\"(.*?)\".*'
|
||||
| extend EventProduct = 'NGINX'
|
||||
| extend EventType = 'AccessLog'
|
||||
| extend EventData = split(RawData, '"')
|
||||
| extend SubEventData0 = split(trim_start(@' ', (trim_end(@' ', tostring(EventData[0])))), ' ')
|
||||
| extend SubEventData1 = split(EventData[1], ' ')
|
||||
| extend SubEventData2 = split(trim_start(@' ', (trim_end(@' ', tostring(EventData[2])))), ' ')
|
||||
| extend SrcIpAddr = tostring(SubEventData0[0])
|
||||
| extend SrcUserName = SubEventData0[2]
|
||||
| extend EventStartTime = todatetime(replace(@'\/', @'-', replace(@'(\d{2}\/\w{3}\/\d{4}):(\d{2}\:\d{2}\:\d{2})', @'\1 \2', extract(@'\[(.*?)\+\d+\]', 1, RawData))))
|
||||
| extend HttpRequestMethod = SubEventData1[0]
|
||||
| extend UrlOriginal = SubEventData1[1]
|
||||
| extend HttpVersion = SubEventData1[2]
|
||||
| extend HttpStatusCode = SubEventData2[0]
|
||||
| extend HttpResponseBodyBytes = SubEventData2[1]
|
||||
| extend HttpReferrerOriginal = EventData[3]
|
||||
| extend HttpUserAgentOriginal = EventData[5]
|
||||
};
|
||||
let nginx_errorlog_events=() {
|
||||
NGINX_CL
|
||||
| where RawData matches regex @'\A\d{4}\/\d{2}\/\d{2}\s+\d{2}\:\d{2}\:\d{2}\s+\[.*?\]\s\d+\#\d+\:'
|
||||
| extend EventProduct = 'NGINX'
|
||||
| extend EventType = 'ErrorLog'
|
||||
| extend EventType = 'ErrorLog'
|
||||
| extend EventSeverity = extract(@'\[(.*?)\]', 1, RawData)
|
||||
| extend EventStartTime = todatetime(replace(@'\/', '-', extract(@'\A(.*?)\s\[', 1, RawData)))
|
||||
| extend SrcIpAddr = extract(@'client: (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})', 1, RawData)
|
||||
| extend ProcessId = extract(@'\]\s(\d+)\#', 1, RawData)
|
||||
| extend ThreadId = extract(@'\]\s\d+\#(\d+)\:', 1, RawData)
|
||||
| extend EventMessage = extract(@'\d+\#\d+\:\s(.*)', 1, RawData)
|
||||
};
|
||||
union isfuzzy=true nginx_accesslog_events, nginx_errorlog_events
|
||||
| project TimeGenerated
|
||||
, EventProduct
|
||||
, EventType
|
||||
, EventSeverity
|
||||
, EventStartTime
|
||||
, SrcIpAddr
|
||||
, SrcUserName
|
||||
, HttpRequestMethod
|
||||
, UrlOriginal
|
||||
, HttpVersion
|
||||
, HttpStatusCode
|
||||
, HttpResponseBodyBytes
|
||||
, HttpReferrerOriginal
|
||||
, HttpUserAgentOriginal
|
||||
, ProcessId
|
||||
, ThreadId
|
||||
, EventMessage
|
|
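Review bot: `| extend EventType = 'ErrorLog'` appears twice in nginx_errorlog_events (the second is a leftover copy); drop one, since extending a column that already exists is at best a no-op and in some Kusto versions an error. The access-log filter only admits `(GET|POST)` and an IPv4 client address, so HEAD/PUT/DELETE/OPTIONS requests and IPv6 clients never reach the parsed columns — a blind spot for any detection built on NGINXHTTPServer; widen the method group to at least `(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH)`. EventStartTime for access logs comes from `extract(@'\[(.*?)\+\d+\]', 1, RawData)`, which rejects negative offsets (a `-0500` log yields a null time) and discards the offset instead of applying it; `extract(@'\[(.*?)\s[+-]\d{4}\]', 1, RawData)` at least matches both signs, and the dropped offset should either be folded into the datetime or stated in the header comment. A header comment noting that RawData rows matching neither regex are silently excluded from the union would help users who see fewer rows than NGINX_CL holds.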
@ -0,0 +1,387 @@
|
|||
[
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "3.180.71.3 - - [17/May/2015:08:05:26 +0000] \"GET /downloads/product_1 HTTP/1.1\" 404 324 \"-\" \"Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.21)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "91.234.194.89 - - [17/May/2015:08:05:22 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "80.91.33.133 - - [17/May/2015:08:05:07 +0000] \"GET /downloads/product_1 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.17)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "37.26.93.214 - - [17/May/2015:08:05:38 +0000] \"GET /downloads/product_2 HTTP/1.1\" 404 319 \"-\" \"Go 1.1 package http\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "188.138.60.101 - - [17/May/2015:08:05:25 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "93.180.71.3 - - [17/May/2015:08:05:11 +0000] \"GET /downloads/product_1 HTTP/1.1\" 404 340 \"-\" \"Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.21)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "46.4.66.76 - - [17/May/2015:08:05:02 +0000] \"GET /downloads/product_1 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (1.0.1ubuntu2)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "62.75.198.179 - - [17/May/2015:08:05:06 +0000] \"GET /downloads/product_2 HTTP/1.1\" 200 490 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "80.91.33.133 - - [17/May/2015:08:05:55 +0000] \"GET /downloads/product_1 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.16)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "173.203.139.108 - - [17/May/2015:08:05:53 +0000] \"GET /downloads/product_1 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "210.245.80.75 - - [17/May/2015:08:05:32 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (1.0.1ubuntu2)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "46.4.83.163 - - [17/May/2015:08:05:52 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "91.234.194.89 - - [17/May/2015:08:05:18 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "93.180.71.3 - - [17/May/2015:08:05:26 +0000] \"GET /downloads/product_1 HTTP/1.1\" 404 324 \"-\" \"Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.21)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "91.234.194.89 - - [17/May/2015:08:05:22 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "80.91.33.133 - - [17/May/2015:08:05:07 +0000] \"GET /downloads/product_1 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.17)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "37.26.93.214 - - [17/May/2015:08:05:38 +0000] \"GET /downloads/product_2 HTTP/1.1\" 404 319 \"-\" \"Go 1.1 package http\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "188.138.60.101 - - [17/May/2015:08:05:25 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "93.180.71.3 - - [17/May/2015:08:05:11 +0000] \"GET /downloads/product_1 HTTP/1.1\" 404 340 \"-\" \"Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.21)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "46.4.66.76 - - [17/May/2015:08:05:02 +0000] \"GET /downloads/product_1 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (1.0.1ubuntu2)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "62.75.198.179 - - [17/May/2015:08:05:06 +0000] \"GET /downloads/product_2 HTTP/1.1\" 200 490 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "80.91.33.133 - - [17/May/2015:08:05:55 +0000] \"GET /downloads/product_1 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.16)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "173.203.139.108 - - [17/May/2015:08:05:53 +0000] \"GET /downloads/product_1 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "210.245.80.75 - - [17/May/2015:08:05:32 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (1.0.1ubuntu2)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "46.4.83.163 - - [17/May/2015:08:05:52 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "91.234.194.89 - - [17/May/2015:08:05:18 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 4:00:16.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "020/12/04 12:07:22 [info] 1270#1270: *19939 client closed connection while waiting for request, client: 10.200.11.54, server: 0.0.0.0:443\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 4:00:16.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "2020/12/04 12:19:17 [info] 1269#1269: *20213 peer closed connection in SSL handshake while SSL handshaking, client: 10.200.11.54, server: 0.0.0.0:443\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 4:00:16.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "2020/12/04 12:22:48 [info] 1270#1270: *20327 client closed connection while waiting for request, client: 10.200.11.54, server: 0.0.0.0:443\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 4:00:16.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "2020/12/04 12:22:49 [info] 1269#1269: *20330 peer closed connection in SSL handshake while SSL handshaking, client: 10.200.11.54, server: 0.0.0.0:443\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 4:00:16.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "2020/12/04 12:22:49 [info] 1270#1270: *20331 client closed connection while waiting for request, client: 10.200.11.54, server: 0.0.0.0:443\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 4:00:16.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "2020/12/04 12:36:27 [info] 1269#1269: *20475 peer closed connection in SSL handshake while SSL handshaking, client: 10.200.11.54, server: 0.0.0.0:443\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 4:00:16.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "2020/12/05 03:28:39 [notice] 1268#1268: signal 10 (SIGUSR1) received from 416, reopening logs\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 4:00:16.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "2020/12/05 03:28:39 [notice] 1268#1268: reopening logs\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
},
|
||||
{
|
||||
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
|
||||
"SourceSystem": "OpsManager",
|
||||
"MG": "00000000-0000-0000-0000-000000000002",
|
||||
"ManagementGroupName": "srv-elk-060",
|
||||
"TimeGenerated [UTC]": "1/18/2021, 4:00:16.000 PM",
|
||||
"Computer": "srv-elk-060",
|
||||
"RawData": "2020/12/05 03:28:39 [notice] 1269#1269: reopening logs\n",
|
||||
"Type": "NGINX_CL",
|
||||
"_ResourceId": ""
|
||||
}
|
||||
]
|
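Review bot: The first error-log sample's RawData starts with `020/12/04 12:07:22` — a truncated year — so the parser's `\A\d{4}\/` anchor rejects it and that row exercises neither branch; correct it to `2020/12/04 12:07:22` unless it is meant as a negative case, in which case an obviously malformed record would make the intent clearer. Every record also carries what looks like a real TenantId (`9143fd29-…`) and an internal host name (`srv-elk-060`, repeated under `ManagementGroupName`); if these came from a live workspace export, sample data in a public repository should use scrubbed placeholder values instead. The `TimeGenerated [UTC]` values are locale-formatted (`1/18/2021, 3:59:10.000 PM`) rather than ISO 8601, which is fine for a portal export but worth knowing if anything downstream parses this file.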