home-assistant-logs Log Parser

« home-assistant-logs »
v0.5 by crowdsecurity
Log parser

Parse Home Assistant logs

Installation

cscli parsers install crowdsecurity/home-assistant-logs

Description

Home assistant authentication failure parser.

Supports homeassistant docker image and HassOS logs.

YAML Configuration

1onsuccess: next_stage
2name: crowdsecurity/home-assistant-logs
3description: "Parse Home Assistant logs"
4filter: "evt.Parsed.program == 'home-assistant' or evt.Parsed.program endsWith 'homeassistant'"
5pattern_syntax:
6  TIMESTAMP: '%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{HOUR}:%{MINUTE}:%{SECOND}'
7nodes:
8  - grok:
9      pattern: "%{TIMESTAMP:time} WARNING \\(%{DATA:threadName}\\) \\[homeassistant.components.http.ban\\] Login attempt or request with invalid authentication from %{DATA:source_rdns} \\(%{IPORHOST:source_ip}\\). \\(%{GREEDYDATA:http_user_agent}\\)"
10      apply_on: message
11      statics:
12        - meta: log_type
13          value: home-assistant_failed_auth
14  - grok:
15      pattern: "%{TIMESTAMP:time} WARNING \\(%{DATA:threadName}\\) \\[homeassistant.components.http.ban\\] Login attempt or request with invalid authentication from %{DATA:source_rdns} \\(%{IPORHOST:source_ip}\\). Requested URL: '%{GREEDYDATA:url}'. \\(%{GREEDYDATA:http_user_agent}\\)"
16      apply_on: message
17      statics:
18        - meta: log_type
19          value: home-assistant_failed_auth
20statics:
21  - target: StrTime
22    expression: "evt.Parsed.time"
23  - meta: service
24    value: http
25  - meta: source_ip
26    expression: "evt.Parsed.source_ip"
27  - meta: source_rdns
28    expression: "evt.Parsed.source_rdns"
29

Hub configuration

« home-assistant-logs »v0.5 by crowdsecurityLog parser

« home-assistant-logs »
v0.5 by crowdsecurity
Log parser