cscli parsers install andreasbrett/paperless-ngx-logs
Parser for Paperless-ngx Logs.
---
filenames:
- /var/log/paperless.log
labels:
type: Paperless-ngx
1onsuccess: next_stage2filter: "Upper(evt.Parsed.program) == 'PAPERLESS-NGX'"3name: andreasbrett/paperless-ngx-logs4description: "Parse paperless-ngx logs"5pattern_syntax:6 DATE_YMD: "%{YEAR:year}-%{MONTHNUM:month}-%{MONTHDAY:day}"7 PAPERLESS_NGX_USER: "%{USERNAME}|%{EMAILADDRESS}"8nodes:9 - grok:10 # Paperless-ngx v1.14.0 to v1.16.511 pattern: '\[%{DATE_YMD:date} %{TIME:time}\] \[INFO\] \[paperless\.auth\] Login failed for user `%{PAPERLESS_NGX_USER:username}` from (private )?IP `%{IP:source_ip}\.`'12 apply_on: message13 statics:14 - meta: log_type15 value: paperless_ngx_failed_auth16 - meta: username17 expression: evt.Parsed.username18 - grok:19 # Paperless-ngx v1.16.6+20 pattern: '\[%{DATE_YMD:date} %{TIME:time}\] \[INFO\] \[paperless\.auth\] Login failed for user `%{PAPERLESS_NGX_USER:username}` from (private )?IP `%{IP:source_ip}`\.'21 apply_on: message22 statics:23 - meta: log_type24 value: paperless_ngx_failed_auth25 - meta: username26 expression: evt.Parsed.username2728statics:29 - meta: service30 value: paperless-ngx31 - meta: source_ip32 expression: "evt.Parsed.source_ip"33 - target: evt.StrTime34 expression: "evt.Parsed.date + ' ' + evt.Parsed.time"35