cscli parsers install crowdsecurity/odoo-logs
Odoo authentication failure parser.
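# Parser for Odoo authentication failures (crowdsecurity/odoo-logs).
# Events that match the grok pattern get their meta fields set and move on to
# the next parsing stage.
onsuccess: next_stage
name: crowdsecurity/odoo-logs
description: "Parse Odoo logs"
# Only lines whose program was identified as 'odoo' are evaluated.
filter: "evt.Parsed.program == 'odoo'"
nodes:
  - grok:
      # The login value is supplied by the client and is written into the log
      # line before the address. It is captured greedily and the address is
      # anchored to the end of the line, so source_ip is always the last
      # address on the line and never text carried inside the login field.
      # An unanchored, non-greedy capture would stop at the first
      # " from <ip>" it finds, and decisions would then be taken against an
      # address chosen by the client.
      # NOTE(review): assumes the address is the last token of the message,
      # as in the format this pattern targets; confirm against the Odoo
      # version in use.
      pattern: '%{TIMESTAMP_ISO8601:timestamp} %{INT:PID} INFO %{DATA:db_name} odoo.addons.base.models.res_users: Login failed for db:%{DATA} login:%{GREEDYDATA:user} from %{IP:source_ip}\s*$'
      apply_on: message
statics:
  # Label consumed by scenarios that count failed Odoo logins.
  - meta: log_type
    value: odoo_failed_auth
  - meta: source_ip
    expression: "evt.Parsed.source_ip"
  # Client-controlled string: treat as untrusted wherever it is displayed or
  # templated (alerts, notifications, dashboards).
  - meta: user
    expression: "evt.Parsed.user"
  - meta: db
    expression: "evt.Parsed.db_name"
  # Use the timestamp from the log line as the event time.
  - target: evt.StrTime
    expression: evt.Parsed.timestamp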