hestiacp-logs Log Parser

« hestiacp-logs »
v0.1 by LearningSpot
Log parser

Parse Hestiacp Logs

Installation

cscli parsers install LearningSpot/hestiacp-logs

Description

Parser for Hestiacp Logs.

---
filenames:
 - /var/log/hestia/auth.log
labels:
  type: hestiacp

YAML Configuration

1name: LearningSpot/hestiacp-logs
2description: "Parse Hestiacp Logs"
3filter: "evt.Parsed.program == 'hestiacp'"
4onsuccess: next_stage
5nodes:
6 - grok:
7     pattern: '%{TIMESTAMP_ISO8601:timestamp} %{USERNAME:username} %{IP:source_ip} failed to login'
8     apply_on: message
9     statics:
10       - meta: log_type
11         value: hestiacp_failed_auth
12statics:
13   - meta: service
14     value: hestiacp
15   - meta: source_ip
16     expression: evt.Parsed.source_ip
17   - target: evt.StrTime
18     expression: evt.Parsed.timestamp
19   - meta: target_user
20     expression: evt.Parsed.username
21

Hub configuration

« hestiacp-logs »v0.1 by LearningSpotLog parser

« hestiacp-logs »
v0.1 by LearningSpot
Log parser