From ebaa1366845d70699435d2c0f9b320b3d13a52d8 Mon Sep 17 00:00:00 2001
From: "jesper.eneberg"
Date: Sun, 30 Oct 2016 21:21:41 +0100
Subject: [PATCH] Adding VPC flowlogs to AWS patterns
---
 patterns/aws | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/patterns/aws b/patterns/aws
index 80eb6fb5..501a638a 100644
--- a/patterns/aws
+++ b/patterns/aws
@@ -12,3 +12,5 @@ ELB_ACCESS_LOG %{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:elb} %{IP:clientip}:%{I
 CLOUDFRONT_ACCESS_LOG (?%{YEAR}-%{MONTHNUM}-%{MONTHDAY}\t%{TIME})\t%{WORD:x_edge_location}\t(?:%{NUMBER:sc_bytes:int}|-)\t%{IPORHOST:clientip}\t%{WORD:cs_method}\t%{HOSTNAME:cs_host}\t%{NOTSPACE:cs_uri_stem}\t%{NUMBER:sc_status:int}\t%{GREEDYDATA:referrer}\t%{GREEDYDATA:agent}\t%{GREEDYDATA:cs_uri_query}\t%{GREEDYDATA:cookies}\t%{WORD:x_edge_result_type}\t%{NOTSPACE:x_edge_request_id}\t%{HOSTNAME:x_host_header}\t%{URIPROTO:cs_protocol}\t%{INT:cs_bytes:int}\t%{GREEDYDATA:time_taken:float}\t%{GREEDYDATA:x_forwarded_for}\t%{GREEDYDATA:ssl_protocol}\t%{GREEDYDATA:ssl_cipher}\t%{GREEDYDATA:x_edge_response_result_type}
+VPC %{INT:version},%{INT:account},%{DATA:interface},(%{IP:source_ip}|-),(%{IP:destination_ip}|-),(%{INT:source_port}|-),(%{INT:destination_port}|-),(%{INT:protocolnr}|-),(%{INT:packets}|-),(%{INT:bytes}|-),%{INT:start},%{INT:end},%{WORD:action},%{WORD:status}
+
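Review bot: `%{WORD:action}` at the end of the added `VPC` pattern cannot match the `-` that flow-log records carry in the action field when the log status is NODATA or SKIPDATA, so those records will fail to parse even though the address, port and counter fields already allow `-`; SKIPDATA marks a capture gap, which is the record an analyst least wants to lose to parse failures. Allow the dash there as well: `(?:%{WORD:action}|-),%{WORD:status}`. The fields are comma-separated, whereas flow-log records as delivered by AWS are space-separated, so this presumably targets a re-serialised export; a `#` comment above the pattern naming the expected source would save the next reader from guessing. The ports and counters are captured without the `:int` cast that `CLOUDFRONT_ACCESS_LOG` uses, and the bare name `VPC` is broader than its siblings; a name such as `VPC_FLOW_LOG` would follow the `*_ACCESS_LOG` convention.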