webmin-logs Log Parser

« webmin-logs »
v0.2 by andreasbrett
Log parser

Parse webmin logs

Installation

cscli parsers install andreasbrett/webmin-logs

Description

Parser for Webmin logs

---
filenames:
    - /var/webmin/webmin.log
labels:
    type: Webmin

YAML Configuration

1onsuccess: next_stage
2filter: "Upper(evt.Parsed.program) == 'WEBMIN'"
3name: andreasbrett/webmin-logs
4description: "Parse webmin logs"
5pattern_syntax:
6    WEBMIN_AUTH_WRONG_PASS: '%{INT:unix_epoch}\.%{INT}\.%{INT} \[.*\] %{USERNAME:username} - %{IP:source_ip} global miniserv.pl "failed" "-" "wrongpass"'
7    WEBMIN_AUTH_TWOFACTOR: '%{INT:unix_epoch}\.%{INT}\.%{INT} \[.*\] %{USERNAME:username} - %{IP:source_ip} global miniserv.pl "failed" "-" "twofactor"'
8
9nodes:
10    - grok:
11          pattern: "%{WEBMIN_AUTH_WRONG_PASS}"
12          apply_on: message
13          statics:
14              - meta: log_type
15                value: webmin_failed_auth_wrong_pass
16    - grok:
17          pattern: "%{WEBMIN_AUTH_TWOFACTOR}"
18          apply_on: message
19          statics:
20              - meta: log_type
21                value: webmin_failed_auth_twofactor
22
23statics:
24    - meta: service
25      value: webmin
26    - meta: username
27      expression: evt.Parsed.username
28    - meta: source_ip
29      expression: "evt.Parsed.source_ip"
30    - target: evt.StrTime
31      expression: "evt.Parsed.unix_epoch"
32

Hub configuration

« webmin-logs »v0.2 by andreasbrettLog parser

« webmin-logs »
v0.2 by andreasbrett
Log parser