cscli parsers install crowdsecurity/http-logs
This parser is a generic post-parsing HTTP re-parser and provides more detailed information, such as:
# crowdsecurity/http-logs: second-pass enrichment of HTTP events.
# The filter below restricts it to events whose Meta.service is 'http' and whose
# Meta.log_type is 'http_access-log' or 'http_error-log'; those Meta fields are
# not set in this file, so an earlier parser must already have populated them.
filter: "evt.Meta.service == 'http' && evt.Meta.log_type in ['http_access-log', 'http_error-log']"
description: "Parse more Specifically HTTP logs, such as HTTP Code, HTTP path, HTTP args and if its a static ressource"
name: crowdsecurity/http-logs
# Local grok sub-patterns used by the last node to split a request path.
pattern_syntax:
  # Everything up to and including the last '/' (the match is greedy).
  DIR: "^.*/"
  # One non-'/' character followed by a lazy run of any characters.
  FILE: "[^/].*?"
  # Either the final '.' plus whatever follows it up to end of string, or the
  # empty string at end of string (a path without an extension still matches).
  EXT: "\\.[^.]*$|$"
nodes:
  # Node 1: defaults, set without any pattern match.
  - statics:
      - parsed: "impact_completion"
        # the value of a field can as well be determined as the result of an expression
        # Only 404, 403 and 502 yield 'false'; every other status, including the
        # remaining 4xx/5xx codes, yields 'true'.
        expression: "evt.Meta.http_status in ['404', '403', '502'] ? 'false' : 'true'"
      # Default value; the last node recomputes static_ressource from the extension.
      - target: evt.Parsed.static_ressource
        value: 'false'
  # let's split the path?query if possible
  # The pattern requires a literal '?', so a request without a query string does
  # not match here and http_args is not written by this node. On a match,
  # `request` is overwritten with the part before the '?'.
  - grok:
      pattern: "^%{GREEDYDATA:request}\\?%{GREEDYDATA:http_args}$"
      apply_on: request
  # this is another node, with its own pattern_syntax
  - #debug: true
    # Splits `request` into file_dir, file_frag and file_ext with the DIR/FILE/EXT
    # sub-patterns defined above.
    grok:
      pattern: "%{DIR:file_dir}(%{FILE:file_frag}%{EXT:file_ext})?"
      apply_on: request
    statics:
      # NOTE(review): no node in this file writes evt.Parsed.http_path; presumably
      # an upstream parser sets it. Confirm, otherwise Meta.http_path stays empty.
      - meta: http_path
        expression: "evt.Parsed.http_path"
      # meta af
      # Length of the query string captured by the previous node.
      - meta: http_args_len
        expression: "len(evt.Parsed.http_args)"
      - parsed: file_name
        expression: evt.Parsed.file_frag + evt.Parsed.file_ext
      # 'true' when the upper-cased extension is in the list below ('.OTF' is
      # listed twice, which is harmless).
      # NOTE(review): the extension is taken from the client-supplied request path,
      # so this flag is a hint, not a guarantee that a static file was served.
      # Rules that relax detection when static_ressource == 'true' should
      # corroborate with another field such as the response status.
      # '.GZ' is on the list, so requests for compressed archives are classed as
      # static; check that this is acceptable for rules watching archive or
      # backup downloads.
      - parsed: static_ressource
        expression: "Upper(evt.Parsed.file_ext) in ['.JPG', '.CSS', '.JS', '.JPEG', '.PNG', '.SVG', '.MAP', '.ICO', '.OTF', '.GIF', '.MP3', '.MP4', '.WOFF', '.WOFF2', '.TTF', '.OTF', '.EOT', '.WEBP', '.WAV', '.GZ', '.BROTLI', '.BVR', '.TS', '.BMP', '.AVIF', '.MJS'] ? 'true' : 'false'"