supabase-docker-pgsql Configuration

« supabase-docker-pgsql »
v0.1 by crowdsecurity
Log parser

Parse PgSQL logs

Installation

cscli parsers install crowdsecurity/supabase-docker-pgsql

Description

Parser for postgres flavor provided by supabase docker compose deployment.

YAML Configuration

1onsuccess: next_stage
2name: crowdsecurity/supabase-docker-pgsql
3description: "Parse PgSQL logs"
4filter: "evt.Parsed.program == 'postgres'"
5nodes:
6  - grok:
7    #supabase docker compose postgres password auth fail
8      pattern: '%{IPORHOST:source_ip} %{TIMESTAMP_ISO8601:timestamp} %{WORD:zone} \[%{INT:PID}\] %{USERNAME:pgsql_user}@%{GREEDYDATA:pgsql_dbname} FATAL:  %{WORD:auth_method} authentication failed for user "%{USERNAME:pgsql_target_user}"'
9      apply_on: message
10
11statics:
12  - meta: log_type
13    value: pgsql_failed_auth
14  - meta: auth_method
15    expression: "evt.Parsed.auth_method"
16  - meta: source_ip
17    expression: "evt.Parsed.source_ip"
18  - meta: user
19    expression: "evt.Parsed.pgsql_target_user"
20  - meta: db
21    expression: "evt.Parsed.pgsql_dbname"
22  - target: evt.StrTime
23    expression: evt.Parsed.timestamp

Hub configuration

« supabase-docker-pgsql »v0.1 by crowdsecurityLog parser

« supabase-docker-pgsql »
v0.1 by crowdsecurity
Log parser