odoo-logs Log Parser

« odoo-logs »
v0.1 by crowdsecurity
Log parser

Parse Odoo logs

Installation

cscli parsers install crowdsecurity/odoo-logs

Description

Odoo authentication failure parser.

Reference: https://www.odoo.com/documentation/15.0/administration/install/deploy.html#blocking-brute-force-attacks

YAML Configuration

1onsuccess: next_stage
2name: crowdsecurity/odoo-logs
3description: "Parse Odoo logs"
4filter: "evt.Parsed.program == 'odoo'"
5nodes:
6  - grok:
7      pattern: '%{TIMESTAMP_ISO8601:timestamp} %{INT:PID} INFO %{DATA:db_name} odoo.addons.base.models.res_users: Login failed for db:%{DATA} login:%{DATA:user} from %{IP:source_ip}'
8      apply_on: message
9statics:
10  - meta: log_type
11    value: odoo_failed_auth
12  - meta: source_ip
13    expression: "evt.Parsed.source_ip"
14  - meta: user
15    expression: "evt.Parsed.user"
16  - meta: db
17    expression: "evt.Parsed.db_name"
18  - target: evt.StrTime
19    expression: evt.Parsed.timestamp

Hub configuration

« odoo-logs »v0.1 by crowdsecurityLog parser

« odoo-logs »
v0.1 by crowdsecurity
Log parser