cscli parsers install LearningSpot/hestiacp-logs
Parser for Hestiacp Logs.
---
filenames:
- /var/log/hestia/auth.log
labels:
type: hestiacp
1name: LearningSpot/hestiacp-logs2description: "Parse Hestiacp Logs"3filter: "evt.Parsed.program == 'hestiacp'"4onsuccess: next_stage5nodes:6 - grok:7 pattern: '%{TIMESTAMP_ISO8601:timestamp} %{USERNAME:username} %{IP:source_ip} failed to login'8 apply_on: message9 statics:10 - meta: log_type11 value: hestiacp_failed_auth12statics:13 - meta: service14 value: hestiacp15 - meta: source_ip16 expression: evt.Parsed.source_ip17 - target: evt.StrTime18 expression: evt.Parsed.timestamp19 - meta: target_user20 expression: evt.Parsed.username21