Sidehistorik
...
| Kodeblok |
|---|
if [DST] == "8.8.8.8"
{
drop {}
} |
Adding fields/metadata
FRom From the syslogRouter Syslog, I would like to add an owner and device of the Source (Identified by Source IP "SRC") and a Device (also identified by Source IP "SRC") - I have static IP's for the devices:
| Kodeblok |
|---|
if [SRC] == "10.0.0.102" {
mutate
{
add_field => { "IPOwner" => "Toke" "Device" => "iPad" }
}
}
...
...
if [SRC] == "10.0.0.109" {
mutate
{
add_field => { "IPOwner" => "Christopher" "Device" => "Laptop LAN" }
}
} |
...