cscli parsers install andreasbrett/baikal-logsParser for Baikal logs. Baikal does not produce dedicated logs but rather sends PHP errors into apache/nginx logs. Currently only apache error logs are supported by this parser.
1---2filenames:3 - /var/log/httpd/error.log4labels:5 type: Baikal
1onsuccess: next_stage2filter: "Upper(evt.Parsed.program) == 'BAIKAL'"3name: andreasbrett/baikal-logs4description: "Parse baikal logs"5pattern_syntax:6 BAIKAL_FAILED_AUTH: '\[%{HTTPDERROR_DATE:timestamp}\].*\[client %{IP:source_ip}:%{INT:source_port}\] AH01071: Got error ''PHP message: user %{USERNAME:username} authentication failure for Baikal'''7 BAIKAL_FAILED_AUTH_NO_USER: '\[%{HTTPDERROR_DATE:timestamp}\].*\[client %{IP:source_ip}:%{INT:source_port}\] AH01071: Got error ''PHP message: user \(name stripped-out\) authentication failure for Baikal'''8nodes:9 - grok:10 pattern: "%{BAIKAL_FAILED_AUTH}"11 apply_on: message12 statics:13 - meta: log_type14 value: baikal_failed_auth15 - meta: username16 expression: evt.Parsed.username17 - grok:18 pattern: "%{BAIKAL_FAILED_AUTH_NO_USER}"19 apply_on: message20 statics:21 - meta: log_type22 value: baikal_failed_auth_no_user2324statics:25 - meta: service26 value: baikal27 - meta: source_ip28 expression: "evt.Parsed.source_ip"29 - target: evt.StrTime30 expression: evt.Parsed.timestamp31