Updated S3 API Audit log (markdown)

2024-01-19 02:48:24 +00:00 · 2021-12-14 18:45:41 +05:00 · 2021-12-14 18:45:41 +05:00 · e43140f67c
parent 244d9d4ea7
commit e43140f67c
1 changed files with 40 additions and 40 deletions
--- a/S3-API-Audit-log.md
+++ b/S3-API-Audit-log.md
@ -33,46 +33,46 @@

 logstash.conf:
 ```
-        filter {
-          if [tags][0] and [tags][0] =~ /s3.access/ {
-            ruby {
-              code => 'event.set("environment", ((event.get("tags").first).split(".")).first)'
-              add_field  => { "[@metadata][input_type]" => "s3.access" }
-              remove_field => [ host, "@timestamp", "@version", port, tags ]
-            }
-          }
-          if ![environment] or [environment] == "" {
-              mutate {
-                replace => { "environment" => "unknown" }
-              }
-          }
-        }
-        input {
-          tcp {
-            codec => fluent
-            port => 24224
-          }
-        }
-        output {
-          if [@metadata][input_type] == "s3.access" {
-            clickhouse {
-              headers => ["Authorization", "Basic ${CLICKHOUSE_BASIC_AUTH}"]
-              http_hosts => ["${CLICKHOUSE_URL}", "${CLICKHOUSE_URL}"]
-              table => "${CLICKHOUSE_TABLE}"
-              flush_size => 1000
-              pool_max => 1000
-              idle_flush_time => 5
-              backoff_time => 3
-              request_tolerance => 5
-              automatic_retries => 1
-              save_on_failure => true
-              save_dir => "${CLICKHOUSE_SAVE_DIR}"
-              date_time_input_format => "best_effort"
-              skip_unknown => "1"
-              id => "clickhouse"
-            }
-          }
-        }
+filter {
+  if [tags][0] and [tags][0] =~ /s3.access/ {
+    ruby {
+      code => 'event.set("environment", ((event.get("tags").first).split(".")).first)'
+      add_field  => { "[@metadata][input_type]" => "s3.access" }
+      remove_field => [ host, "@timestamp", "@version", port, tags ]
+    }
+  }
+  if ![environment] or [environment] == "" {
+      mutate {
+        replace => { "environment" => "unknown" }
+      }
+  }
+}
+input {
+  tcp {
+    codec => fluent
+    port => 24224
+  }
+}
+output {
+  if [@metadata][input_type] == "s3.access" {
+    clickhouse {
+      headers => ["Authorization", "Basic ${CLICKHOUSE_BASIC_AUTH}"]
+      http_hosts => ["${CLICKHOUSE_URL}", "${CLICKHOUSE_URL}"]
+      table => "${CLICKHOUSE_TABLE}"
+      flush_size => 1000
+      pool_max => 1000
+      idle_flush_time => 5
+      backoff_time => 3
+      request_tolerance => 5
+      automatic_retries => 1
+      save_on_failure => true
+      save_dir => "${CLICKHOUSE_SAVE_DIR}"
+      date_time_input_format => "best_effort"
+      skip_unknown => "1"
+      id => "clickhouse"
+    }
+  }
+}
 ```