Hub configuration

More info

bitwarden-logs Log Parser

« bitwarden-logs »
v0.2 by MariuszKociubinski
Log parser

Parse bitwarden logs

Installation

cscli parsers install MariuszKociubinski/bitwarden-logs

Description

Parser for Bitwarden Logs.

1---
2filenames:
3  - /etc/bitwarden/logs/identity.log
4labels:
5  type: bitwarden

YAML Configuration

1onsuccess: next_stage
2#debug: false
3name: MariuszKociubinski/bitwarden-logs
4description: "Parse bitwarden logs"
5filter: "evt.Parsed.program == 'bitwarden'"
6nodes:
7  - grok:
8      pattern: '^%{EXIM_DATE:timestamp}.*Failed login attempt\. %{IP:source_ip}.*$'
9      apply_on: message
10      statics:
11        - meta: log_type
12          value: bitwarden_failed_auth
13  - grok:
14      pattern: '^%{EXIM_DATE:timestamp}.*Failed login attempt\, 2FA invalid\. %{IP:source_ip}.*$'
15      apply_on: message
16      statics:
17        - meta: log_type
18          value: bitwarden_failed_auth
19
20statics:
21    - meta: service
22      value: bitwarden
23    - meta: source_ip
24      expression: "evt.Parsed.source_ip"
25    - target: evt.StrTime
26      expression: evt.Parsed.timestamp
27

Hub configuration

« bitwarden-logs »v0.2 by MariuszKociubinskiLog parser

« bitwarden-logs »
v0.2 by MariuszKociubinski
Log parser