docker-logs Configuration

« docker-logs »
v0.1 by crowdsecurity
Log parser

docker json logs parser

Installation

cscli parsers install crowdsecurity/docker-logs

Description

This is the default docker json logs format parser. It works on kubernetes using docker.

When using this parser, you need to specify in your acquis.yaml type and program. So your log will be extracted and then sent to the proper next parser using the program key.

example:

labels:
 type: docker
 program: nginx

YAML Configuration

1#If it's docker, we are going to extract log line from it
2filter: "evt.Line.Labels.type == 'docker'"
3onsuccess: next_stage
4name: crowdsecurity/docker-logs
5description: docker json logs parser
6statics:
7  - target: evt.StrTime
8    expression: JsonExtract(evt.Line.Raw, "time")
9  - parsed: message
10    expression: JsonExtractUnescape(evt.Line.Raw, "log")
11  - parsed: program
12    expression: evt.Line.Labels.program

Hub configuration

« docker-logs »v0.1 by crowdsecurityLog parser

« docker-logs »
v0.1 by crowdsecurity
Log parser