cscli parsers install crowdsecurity/base-upsun-httplog-logsThis is the base parser for Upsun HTTP logs received via the HTTP logs integration. It parses the structured logs from Upsun applications and extracts relevant metadata.
When using this parser, you need to specify in your acquis.yaml the type upsun-httplog. The parser will extract the application name, instance, and other metadata from the structured Upsun log format.
It's recommended to install it via the upsun collection
1source: http2listen_addr: 127.0.0.1:88883path: /4auth_type: headers5headers:6 crowdsecLogForward: yourHeaderHere7labels:8 type: upsun-httplog9log-level: warn
The parser extracts:
This parser is designed to work with the Upsun collection and processes logs sent via HTTP from Upsun's logging integration.
1filter: "evt.Line.Labels.type == 'upsun-httplog'"2onsuccess: next_stage3pattern_syntax:4 UPSUN_APP_PREFIX: '^%{DATA:appname}\.%{INT:app_instance}'5name: crowdsecurity/base-upsun-httplog-logs6nodes:7 - filter: UnmarshalJSON(evt.Line.Raw, evt.Unmarshaled, "upsunMsg") in ["", nil]8 grok:9 pattern: '%{UPSUN_APP_PREFIX} %{WORD:program}: %{GREEDYDATA:message}'10 expression: evt.Unmarshaled.upsunMsg.message11#if the node was successfull, statics will be applied.12statics:13 - meta: machine14 expression: evt.Parsed.logsource15 - parsed: "logsource"16 value: "upsun-httplog"17 - meta: datasource_path18 expression: evt.Line.Src19 - meta: datasource_type20 expression: evt.Line.Module21 - meta: upsunEnv22 expression: evt.Unmarshaled.upsunMsg.metadata.environment23 - meta: upsunProject24 expression: evt.Unmarshaled.upsunMsg.metadata.project