dockge-logs Log Parser

« dockge-logs »
v0.2 by LearningSpot
Log parser

Parse Dockge Logs

Installation

cscli parsers install LearningSpot/dockge-logs

Description

Parser for Dockge Logs with Docker.

---
source: docker
container_name:
 - dockge
labels:
  type: dockge

YAML Configuration

1name: LearningSpot/dockge-logs
2description: "Parse Dockge Logs"
3filter: "evt.Parsed.program == 'dockge'"
4onsuccess: next_stage
5nodes:
6 - grok:
7     pattern: '%{TIMESTAMP_ISO8601:timestamp} \[AUTH\] WARN: Incorrect username or password for user %{DATA:username}.? IP=%{IP:source_ip}'
8     apply_on: message
9     statics:
10       - meta: log_type
11         value: dockge_failed_auth
12       - target: evt.StrTime
13         expression: evt.Parsed.timestamp
14       - meta: username
15         expression: evt.Parsed.username
16statics:
17   - meta: service
18     value: dockge
19   - meta: source_ip
20     expression: evt.Parsed.source_ip
21

Hub configuration

« dockge-logs »v0.2 by LearningSpotLog parser

« dockge-logs »
v0.2 by LearningSpot
Log parser