mailu-admin-logs Log Parser

« mailu-admin-logs »
v0.1 by mwinters-stuff
Log parser

Parse mailu-admin logs

Installation

cscli parsers install mwinters-stuff/mailu-admin-logs

Description

Parser for the mailu admin containers logs to get rate limited authentication attempts.

YAML Configuration

1# debug: true
2onsuccess: next_stage
3name: mwinters-stuff/mailu-admin-logs
4description: "Parse mailu-admin logs"
5filter: "evt.Parsed.program == 'mailu-admin'"
6grok:
7  pattern:  "\\[%{TIMESTAMP_ISO8601:timestamp8601},.*\\] WARNING in limiter: Authentication attempt from %{IP:source_ip} has been rate-limited."
8  apply_on: message
9statics:
10  - meta: log_type
11    value: mailu_admin_auth_attempt
12  - meta: service
13    value: mailu-admin
14  - meta: source_ip 
15    expression: "evt.Parsed.source_ip"
16  - target: evt.StrTime
17    expression: "evt.Parsed.timestamp8601"
18

Hub configuration

« mailu-admin-logs »v0.1 by mwinters-stuffLog parser

« mailu-admin-logs »
v0.1 by mwinters-stuff
Log parser