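# CrowdSec parser for Kasm logs. The listing's gutter numbers had been fused
# into the keys and the nesting flattened; both are restored here. Keys and
# values are unchanged.

# Only handle events whose program name starts with 'kasm'.
filter: "evt.Parsed.program startsWith 'kasm'"
onsuccess: next_stage

name: crowdsecurity/kasm-logs
description: "Parse kasm logs"
nodes:
  # Run the grok pattern against the "request_ip" field of the JSON log line.
  # The first host/IP is captured as remote_ip; anything after the first comma
  # is captured as proxies.
  # NOTE(review): IPORHOST also matches hostnames, so remote_ip is not
  # guaranteed to be an IP address.
  # NOTE(review): when request_ip holds a comma-separated list, the first
  # entry becomes source_ip. Presumably that list comes from a forwarded-for
  # style header; if a client can influence it, decisions keyed on source_ip
  # may land on the wrong address. Confirm how the fronting proxy sets it.
  - grok:
      pattern: '%{IPORHOST:remote_ip}(,%{GREEDYDATA:proxies})?'
      expression: JsonExtract(evt.Line.Raw, "request_ip")
statics:
  - meta: service
    value: kasm
  # Event time string, taken from the log line's "timestamp" field.
  - target: evt.StrTime
    expression: JsonExtract(evt.Line.Raw, "timestamp")
  - meta: metric_name
    expression: JsonExtract(evt.Line.Raw, "metric_name")
  # Source address used downstream: the first entry captured by the grok above.
  - meta: source_ip
    expression: evt.Parsed.remote_ip
  # user_agent and path_info are request-supplied strings copied verbatim into
  # meta; consumers that match on or display them should treat them as
  # untrusted.
  - meta: http_user_agent
    expression: JsonExtract(evt.Line.Raw, "user_agent")
  - meta: http_path
    expression: JsonExtract(evt.Line.Raw, "path_info")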