lemonldap-ng Configuration

« lemonldap-ng »
v0.1 by firewallservices
Log parser

Parse Lemonldap::NG logs

Installation

cscli parsers install firewallservices/lemonldap-ng

Description

Parses Lemonldap::NG logs and detects failed authentication. Only working if using an LDAP or AD authentication backend for now.

YAML Configuration

1filter: "evt.Parsed.program in ['LLNG','lemonldap-ng']"
2name: firewall-services/lemonldap-ng-logs
3description: "Parse Lemonldap::NG logs"
4onsuccess: next_stage
5#debug: true
6nodes:
7  - grok:
8      pattern: (\[warn\]|Lemonldap::NG :) %{USERNAME:user} was not found in LDAP directory \(%{IP:src_ip}\)
9      apply_on: message
10  - grok:
11      pattern: (\[warn\]|Lemonldap::NG :) Bad password for %{USERNAME:user} \(%{IP:src_ip}\)
12      apply_on: message
13statics:
14  - meta: service
15    value: llng
16  - meta: user
17    expression: "evt.Parsed.user"
18  - meta: log_type
19    value: llng_auth_fail
20  - meta: source_ip
21    expression: "evt.Parsed.src_ip"
22

Hub configuration

« lemonldap-ng »v0.1 by firewallservicesLog parser

« lemonldap-ng »
v0.1 by firewallservices
Log parser