cscli parsers install LePresidente/gitea-logsParser for Gitea Logs.
---
filenames:
- /var/log/gitea.log
labels:
type: gitea1onsuccess: next_stage2#debug: false3name: LePresidente/gitea-logs4filter: "evt.Parsed.program == 'gitea'"5description: "Parse gitea logs"6pattern_syntax:7 GITEA_CUSTOMUSER: "(%{EMAILADDRESS}|%{USERNAME})"8 GITEA_CUSTOMDATE: "%{DATE_X} %{TIME}"9nodes:10 - grok:11 pattern: '^%{GITEA_CUSTOMDATE:timestamp}.*?Failed authentication attempt for %{GITEA_CUSTOMUSER:username} from %{IP:remote_ip}:%{NUMBER:remote_port}.* user does not exist'12 apply_on: message13 statics:14 - meta: log_type15 value: gitea_failed_auth16 - grok:17 pattern: '^%{GITEA_CUSTOMDATE:timestamp}.*?Failed authentication attempt for %{GITEA_CUSTOMUSER:username} from \[%{IP:remote_ip}\].* user does not exist'18 apply_on: message19 statics:20 - meta: log_type21 value: gitea_failed_auth22 - grok:23 pattern: '^%{GITEA_CUSTOMDATE:timestamp}.*?Failed authentication attempt from %{IP:remote_ip}:%{NUMBER:remote_port}'24 apply_on: message25 statics:26 - meta: log_type27 value: gitea_failed_auth28 - grok:29 pattern: '^%{GITEA_CUSTOMDATE:timestamp}.*?Failed authentication attempt from \[%{IP:remote_ip}\]'30 apply_on: message31 statics:32 - meta: log_type33 value: gitea_failed_auth34 - grok:35 pattern: "^%{GITEA_CUSTOMDATE:timestamp}.*?Failed authentication attempt for %{GITEA_CUSTOMUSER:username} from %{IP:remote_ip}:%{NUMBER:remote_port}.* user's password is invalid"36 apply_on: message37 statics:38 - meta: log_type39 value: gitea_failed_auth40 - grok:41 pattern: "^%{GITEA_CUSTOMDATE:timestamp}.*?Failed authentication attempt for %{GITEA_CUSTOMUSER:username} from %{IP:remote_ip}:%{NUMBER:remote_port}.* (user|Email address) does not exist"42 apply_on: message43 statics:44 - meta: log_type45 value: gitea_failed_auth4647statics:48 - meta: service49 value: gitea50 - meta: user51 expression: "evt.Parsed.username"52 - target: evt.StrTime53 expression: evt.Parsed.timestamp54 - meta: source_ip55 expression: "evt.Parsed.remote_ip"56