zoraxy-logs Log Parser

« zoraxy-logs »
v0.1 by Raithmir
Log parser

Parse Zoraxy logs

Installation

cscli parsers install Raithmir/zoraxy-logs

Description

A generic parser for Zoraxy. Zoraxy currently uses a single log for both access and errors.

YAML Configuration

1name: Raithmir/zoraxy-logs
2description: "Parse Zoraxy logs"
3filter: "evt.Parsed.program == 'zoraxy'"
4onsuccess: next_stage
5#debug: true
6nodes:
7 - grok:
8     pattern: '\[%{TIMESTAMP_ISO8601:time_stamp}\] \[router:(?:host-http|whitelist|blacklist|subdomain-http|host-websocket|vdir-http|vdir-websocket|redirect|root-no_resp)\] \[origin:%{IPORHOST:target_server}?\] \[client: %{IPORHOST:remote_addr}\] \[useragent: %{DATA:http_user_agent}\] %{WORD:verb} %{DATA:request} %{NUMBER:status}'
9     apply_on: message
10     statics:
11       - meta: log_type
12         value: http_access-log
13       - target: evt.StrTime
14         expression: evt.Parsed.time_stamp
15
16statics:
17   - meta: service
18     value: http
19   - meta: source_ip
20     expression: evt.Parsed.remote_addr
21   - meta: http_status
22     expression: evt.Parsed.status
23   - meta: http_path
24     expression: evt.Parsed.request
25   - meta: http_verb
26     expression: evt.Parsed.verb
27   - meta: http_user_agent
28     expression: evt.Parsed.http_user_agent
29   - meta: target_fqdn
30     expression: evt.Parsed.target_server
31

Hub configuration

« zoraxy-logs »v0.1 by RaithmirLog parser

« zoraxy-logs »
v0.1 by Raithmir
Log parser