Sha256: 0ddd901c04d630b3456c3d97e4bbd63d2d4fe8ae946e5ba617c979e6edbf33f1

Contents?: true

Size: 773 Bytes

Versions: 1

Compression:

Stored size: 773 Bytes

Contents

require "test_utils"

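# Checks that a fail2ban "actions" log line is parsed into structured fields
# (level, program, action, ip) by a grok -> date -> mutate filter chain.
# The :if guard restricts this example group to JRuby.
describe "fail2ban logs", :if => RUBY_ENGINE == "jruby"  do
  extend LogStash::RSpec

  # Filter chain under test. At this time, only filters are supported.
  #
  # <<-CONFIG is an interpolating heredoc, so Ruby consumes one level of
  # backslashes before logstash sees the text: "\\[" arrives as "\[" and
  # "\\." as "\.". A single "\." would collapse to a bare "." (any character),
  # making the "fail2ban.actions" anchor looser than intended, so the dot is
  # escaped the same way as the brackets.
  #
  # NOTE(review): %{WORD} matches only word characters, so a jail name
  # containing a hyphen would not match and its Ban event would end up
  # tagged as a grok failure instead of being parsed. Confirm the jail names
  # in use.
  # NOTE(review): the date filter is given no timezone, so the timestamp is
  # presumably read in the host's default zone. Confirm before correlating
  # ban events across hosts.
  config <<-CONFIG
    filter {
      grok {
        pattern => "^%{TIMESTAMP_ISO8601:timestamp} fail2ban\\.actions: %{WORD:level} \\[%{WORD:program}\\] %{WORD:action} %{IP:ip}"
        singles => true
      }
      date {
        match => [ "timestamp", "yyyy-MM-dd HH:mm:ss,SSS" ]
      }
      mutate {
        remove => timestamp
      }
    }
  CONFIG

  # One representative ban line; every field captured by the pattern and kept
  # after the mutate step is checked.
  sample "2013-06-28 15:10:59,891 fail2ban.actions: WARNING [ssh] Ban 95.78.163.5" do
    insist { subject["level"] } == "WARNING"
    insist { subject["program"] } == "ssh"
    insist { subject["action"] } == "Ban"
    insist { subject["ip"] } == "95.78.163.5"
  end
end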

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
logstash-lib-1.3.2 spec/examples/fail2ban.rb