miniflux-logs Log Parser

« miniflux-logs »
v0.1 by jbowdre
Log parser

Parse Miniflux logs

Installation

cscli parsers install jbowdre/miniflux-logs

Description

Parser for Miniflux Logs.

Set LOG_DATE_TIME=1 so Miniflux will timestamp the logs.

---
source: docker
container_name:
 - miniflux
labels:
  type: miniflux

YAML Configuration

1onsuccess: next_stage
2#debug: false
3name: jbowdre/miniflux-logs
4description: "Parse Miniflux logs"
5filter: "evt.Parsed.program == 'miniflux'"
6
7nodes:
8  - grok:
9      pattern: '.*time=%{DATA:timestamp} .*authentication_failed=true client_ip=%{IP:source_ip} .*username=%{USERNAME:username} .*error="store: invalid password for \\"%{USERNAME}\\".*"'
10      # miniflux  | time=2024-01-12T22:55:30.265Z level=WARN msg="Incorrect username or password" authentication_failed=true client_ip=192.168.0.254 user_agent="Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" username=user1 error="store: invalid password for \"user1\" (crypto/bcrypt: hashedPassword is not the hash of the given password)"
11      apply_on: message
12      statics:
13        - meta: log_type
14          value: miniflux_failed_auth
15        - meta: log_subtype
16          value: miniflux_bad_password
17        - meta: evt.StrTimeFormat
18          value: "2006-01-02T15:04:05.999Z"
19  - grok:
20      pattern: '.*time=%{DATA:timestamp} .*authentication_failed=true client_ip=%{IP:source_ip} .*username=%{USERNAME:username} .*error="store: unable to find this user: %{USERNAME}"'
21      # miniflux  | time=2024-01-12T22:54:56.307Z level=WARN msg="Incorrect username or password" authentication_failed=true client_ip=192.168.0.254 user_agent="Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" username=hacker1 error="store: unable to find this user: hacker1"
22      apply_on: message
23      statics:
24        - meta: log_type
25          value: miniflux_failed_auth
26        - meta: log_subtype
27          value: miniflux_bad_user
28        - meta: evt.StrTimeFormat
29          value: "2006-01-02T15:04:05.999Z"
30
31statics:
32    - meta: service
33      value: miniflux
34    - meta: user
35      expression: evt.Parsed.username
36    - meta: source_ip
37      expression: evt.Parsed.source_ip
38    - target: evt.StrTime
39      expression: evt.Parsed.timestamp
40
41

Hub configuration

« miniflux-logs »v0.1 by jbowdreLog parser

« miniflux-logs »
v0.1 by jbowdre
Log parser