harbor-logs Log Parser

« harbor-logs »
v0.1 by LePresidente
Log parser

Parse Harbor logs

Installation

cscli parsers install LePresidente/harbor-logs

Description

Parser for Harbor Logs.

---
filenames:
 - /var/log/harbor/core.log
labels:
  type: harbor

YAML Configuration

1onsuccess: next_stage
2debug: false
3name: LePresidente/harbor-logs
4filter: "evt.Parsed.program == 'harbor'"
5description: "Parse Harbor logs"
6pattern_syntax:
7  HARBOR_CUSTOMUSER: "(%{EMAILADDRESS}|%{USERNAME})"
8nodes:
9  - grok:
10      pattern: '.*core\[%{GREEDYDATA:PID}\]: %{RFC3339:timestamp} \[%{GREEDYDATA:ERROR}\] .*\[client IP="%{IP:remote_ip}, %{IP:internal_ip}".*failed to authenticate user:%{HARBOR_CUSTOMUSER:username}, error:Failed to authenticate user, due to error \SInvalid credentials\S'
11      apply_on: message
12      statics:
13        - meta: log_type
14          value: harbor_failed_auth
15statics:
16    - meta: service
17      value: harbor
18    - meta: user
19      expression: "evt.Parsed.username"
20    - target: evt.StrTime
21      expression: evt.Parsed.timestamp
22    - meta: source_ip
23      expression: "evt.Parsed.remote_ip"

Hub configuration

« harbor-logs »v0.1 by LePresidenteLog parser

« harbor-logs »
v0.1 by LePresidente
Log parser