Hub configuration

More info

couchdb-logs Log Parser

« couchdb-logs »
v0.1 by aidalinfo
Log parser

First step get IP, User, time and IP from couchdb logs

Installation

cscli parsers install aidalinfo/couchdb-logs

Description

Parser for CouchDB

Example acquisition :

1---
2filenames:
3  - /path/to/couch.log
4labels:
5  type: couchdb

YAML Configuration

1# debug: true
2filter: "evt.Parsed.program == 'couchdb'"
3name: aidalinfo/couchdb-log-node
4description: "First step get IP, User, time and IP from couchdb logs"
5nodes:
6  - grok:
7      pattern: '\[notice\] %{TIMESTAMP_ISO8601:timestamp} %{GREEDYDATA} %{IP:source_ip} %{WORD:user} %{WORD:http_method} %{URIPATHPARAM:request} %{NUMBER:http_status_code}'
8      apply_on: message
9      statics:
10        - meta: stage_log
11          value: root-done
12        - meta: target_user
13          expression: "evt.Parsed.user"
14        - meta: source_ip
15          expression: "evt.Parsed.source_ip"
16        - target: evt.StrTime
17          expression: evt.Parsed.timestamp
18        - meta: path_db
19          expression: evt.Parsed.request
20---
21onsuccess: next_stage
22filter: "evt.Meta.stage_log == 'root-done'"
23name: aidalinfo/couchdb-log-subnode
24description: "Second step sort if is bruteforce or crawl"
25# debug: true
26nodes:
27  - filter: "evt.Parsed.http_status_code == '401'"
28    debug: false
29    statics:
30      - meta: log_type
31        value: bf-enum-couchdb
32  - filter: "evt.Parsed.http_status_code == '404'"
33    debug: false
34    statics:
35      - meta: log_type
36        value: crawl-couchdb

Hub configuration

« couchdb-logs »v0.1 by aidalinfoLog parser

« couchdb-logs »
v0.1 by aidalinfo
Log parser