**Now here ,this is a test log**
Thu Jun 08 2017 03:06:50 www3 sshd[2294]: Failed password for beyonce from 10.1.10.172 port 3529 ssh2
host = node1 source =secure.log sourcetype =asd
Thu Jun 08 2017 03:06:33 www3 sshd[4541]: Failed password for myuan from 10.1.10.172 port 1511 ssh2
host = node1 source =secure.log sourcetype =asd
I want to configure my tansforms.conf to filter my events :Concretely,I only want to get the events with Failed password and ,I also want to delete some events with some specific users(the field define user is for 'myuan' ),for example,delete the user called myuan and beyonce .
↧