1onsuccess: next_stage
2## Facilite le débogage
3## EN: Enable debugging
4debug: false
5## Nom de la tâche
6## EN: Task name
7name: aidalinfo/tcpudp-flood-traefik
8## Description de la tâche
9## EN: Task description
10description: "Parse TCP/UDP traefik logs"
11## filtre du log à traiter
12## EN: Log filter to process
13filter: "evt.Parsed.program == 'tcpudp-traefik'"
14## Liste des nœuds
15## EN: List of nodes
16nodes:
17## TCP GROK
18  - grok:
19  ## Grok pattern for extract IP SOURCE and other informations on this message structure
20      pattern: 'time="%{TIMESTAMP_ISO8601:time}" level=%{LOGLEVEL:level} msg="Handling TCP connection from %{IP:source_ip}:%{NUMBER:source_port} to %{IP:destination_ip}:%{NUMBER:destination_port}"'
21      ## Apply pattern on for all message in logs
22      apply_on: message
23      statics:
24      ## Add meta value, this type is used by scenario
25        - meta: log_type
26          value: traefik_tcpudp
27## UDP GROK pattern for extract IP SOURCE and other informations on this message structure
28  - grok:
29      pattern: 'time="%{TIMESTAMP_ISO8601:time}" level=%{LOGLEVEL:level} msg="Handling UDP stream from %{IP:source_ip}:%{NUMBER:source_port} to %{IP:destination_ip}:%{NUMBER:destination_port}"'
30     ## Apply pattern on for all message in logs
31      apply_on: message
32      statics:
33      ## Add meta value, this type is used by scenario
34        - meta: log_type
35          value: traefik_tcpudp
36statics:
37## Pass Time and Source IP to other stages and scenarios.
38    - meta: source_ip
39      expression: "evt.Parsed.source_ip"
40    - target: evt.StrTime
41      expression: evt.Parsed.time
42