jellyfin-whitelist Log Parser

« jellyfin-whitelist »
v0.2 by crowdsecurity
Log parser

Whitelist events from jellyfin

Installation

cscli parsers install crowdsecurity/jellyfin-whitelist

Description

When playing videos a POST request is made to /Sessions/Playing/Progress, Jellyfin will return a 403.

When browsing Jellyfin on Roku and Swiftfin, a GET request is made for non-existent images and Jellyfin will return a 404.

YAML Configuration

1name: crowdsecurity/jellyfin-whitelist
2description: "Whitelist events from jellyfin"
3filter: "evt.Meta.service == 'http' && evt.Meta.log_type in ['http_access-log', 'http_error-log']"
4whitelist:
5  reason: "Jellyfin whitelist"
6  expression:
7   - evt.Meta.http_status == '403' && evt.Meta.http_verb == 'POST' && evt.Meta.http_path contains "/Sessions/Playing/Progress" # When playing videos
8   - evt.Meta.http_status == '404' && evt.Meta.http_verb == 'GET' && evt.Meta.http_path matches '(?i)^/items/.+?/images/(thumb|primary)' # when browsing on Roku or Swiftfin Clients
9

Hub configuration

« jellyfin-whitelist »v0.2 by crowdsecurityLog parser

« jellyfin-whitelist »
v0.2 by crowdsecurity
Log parser