authentik-logs Configuration

« authentik-logs »
v0.1 by firix
Log parser

Parse Authentik logs

Installation

cscli parsers install firix/authentik-logs

Description

Parser for Authentik Logs.

---
filenames:
 - /var/log/authentik.log
labels:
  type: authentik

---
source: docker
container_name:
 - authentik
labels:
  type: authentik

YAML Configuration

1name: firix/authentik-logs
2description: "Parse Authentik logs"
3filter: "Lower(evt.Parsed.program) == 'authentik'"
4onsuccess: next_stage
5nodes:
6  - filter: "JsonExtract(evt.Parsed.message, 'action') == 'login_failed'"
7    statics:
8      - meta: log_type
9        value: authentik_failed_auth
10      - meta: username
11        expression: JsonExtract(evt.Parsed.message, "context.username")
12  - filter: "JsonExtract(evt.Parsed.message, 'action') == 'invalid_identifier'"
13    statics:
14      - meta: log_type
15        value: authentik_invalid_username
16      - meta: username
17        expression: JsonExtract(evt.Parsed.message, "identifier")
18statics:
19  - meta: service
20    value: authentik
21  - meta: source_ip
22    expression: JsonExtract(evt.Parsed.message, "client_ip")
23  - target: evt.StrTime
24    expression: JsonExtract(evt.Parsed.message, "timestamp") + "Z"
25

Hub configuration

« authentik-logs »v0.1 by firixLog parser

« authentik-logs »
v0.1 by firix
Log parser