cscli parsers install crowdsecurity/pfsense-gui-logs
A parser for pfSense failed web authentication logs.
These logs are usually found in /var/log/auth.log.
```yaml
onsuccess: next_stage
filter: "evt.Parsed.program == 'php-fpm'"
name: crowdsecurity/pfsense-gui-logs
description: "Parse pfSense web auth logs"
grok:
  pattern: "/index.php: webConfigurator authentication error for user '%{USERNAME:username}' from: %{IPORHOST:source_ip}"
  apply_on: message
statics:
  - meta: service
    value: pfsense-gui
  - meta: username
    expression: "evt.Parsed.username"
  - meta: source_ip
    expression: evt.Parsed.source_ip
  - meta: log_type
    value: pfsense-gui-failed-auth
```
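What the filter, grok pattern and statics above do to individual log lines, as an added Python sketch that is not part of the hub page or of CrowdSec's own code. The `USERNAME` and `IPORHOST` regexes are simplified assumptions (IPv4 and hostnames only), `parse` is a hypothetical helper, and the log lines are constructed.

```python
import re

# Assumed, simplified stand-ins for the grok sub-patterns the parser references.
USERNAME = r"[a-zA-Z0-9._-]+"
IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"
HOSTNAME = r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?"
IPORHOST = rf"(?:{IPV4}|{HOSTNAME})"  # IPv6 left out of this sketch

# Same literal text as the parser's grok pattern; grok matches unanchored.
PATTERN = re.compile(
    "/index.php: webConfigurator authentication error for user "
    rf"'(?P<username>{USERNAME})' from: (?P<source_ip>{IPORHOST})"
)

def parse(program, message):
    """Return the meta fields the parser would set, or None if the line is skipped."""
    if program != "php-fpm":        # filter: evt.Parsed.program == 'php-fpm'
        return None
    m = PATTERN.search(message)     # apply_on: message
    if m is None:
        return None
    return {
        "service": "pfsense-gui",
        "username": m.group("username"),
        "source_ip": m.group("source_ip"),
        "log_type": "pfsense-gui-failed-auth",
    }

# Constructed (program, message) pairs, as a syslog stage would hand them over.
SAMPLES = [
    ("php-fpm", "/index.php: webConfigurator authentication error for user 'admin' from: 203.0.113.7"),
    ("php-fpm", "/index.php: Successful login for user 'admin' from: 198.51.100.4"),
    ("sshd", "Failed password for root from 203.0.113.7 port 50022 ssh2"),
    # A username with a space falls outside the assumed USERNAME class: no event.
    ("php-fpm", "/index.php: webConfigurator authentication error for user 'bad user' from: 203.0.113.9"),
]

if __name__ == "__main__":
    for program, message in SAMPLES:
        print(program, "->", parse(program, message))
```

Only the first sample yields an event; the last one shows that a failed login whose username does not fit the username pattern produces no `pfsense-gui-failed-auth` event under these assumptions, which is worth checking against real logs when tuning detection.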