configserver-lfd-logs Configuration

« configserver-lfd-logs »
v0.2 by crowdsecurity
Log parser

Parse ConfigServer LFD logs

Installation

cscli parsers install crowdsecurity/configserver-lfd-logs

Description

Parser for ConfigSerer LFD file logs.

YAML Configuration

1onsuccess: next_stage
2filter: "evt.Parsed.program == 'lfd'"
3name: crowdsecurity/configserver-lfd-logs
4description: "Parse ConfigServer LFD logs"
5grok:
6  pattern: "Failed SSH login from %{IP:source_ip} \\(%{NOTSPACE:country_code}/%{GREEDYDATA:country_name}/%{NOTSPACE:source_rdns}\\): %{GREEDYDATA:reason}"
7  apply_on: message
8  statics:
9    - meta: source_ip
10      expression: "evt.Parsed.source_ip"
11    - meta: reason
12      expression: "evt.Parsed.reason"

Hub configuration

« configserver-lfd-logs »v0.2 by crowdsecurityLog parser

« configserver-lfd-logs »
v0.2 by crowdsecurity
Log parser