bitwarden-logs Configuration

« bitwarden-logs »
v0.1 by MariuszKociubinski
Log parser

Parse bitwarden logs

Installation

cscli parsers install MariuszKociubinski/bitwarden-logs

YAML Configuration

1onsuccess: next_stage
2filter: "evt.Parsed.program == 'bitwarden'"
3name: MariuszKociubinski/bitwarden-logs
4description: "Parse bitwarden logs"
5debug: false
6pattern_syntax:
7  BITWARDEN_FAILED_LOGIN: '^%{EXIM_DATE:timestamp}.*Failed login attempt\. %{IP:source_ip}.*$'
8  BITWARDEN_FAILED_LOGIN_2FA: '^%{EXIM_DATE:timestamp}.*Failed login attempt\, 2FA invalid\. %{IP:source_ip}.*$'
9nodes:
10  - grok:
11      name: BITWARDEN_FAILED_LOGIN  
12      apply_on: message
13      statics:
14        - meta: log_type
15          value: bitwarden_failed_auth
16  - grok:
17      name: BITWARDEN_FAILED_LOGIN_2FA
18      apply_on: message
19      statics:
20        - meta: log_type
21          value: bitwarden_failed_auth_2fa
22statics:
23    - meta: service
24      value: bitwarden
25    - target: evt.StrTime
26      expression: evt.Parsed.timestamp
27    - meta: source_ip
28      expression: "evt.Parsed.source_ip"
29

Hub configuration

« bitwarden-logs »v0.1 by MariuszKociubinskiLog parser

« bitwarden-logs »
v0.1 by MariuszKociubinski
Log parser