radarr-logs Log Parser

« radarr-logs »
v0.2 by schiz0phr3ne
Log parser

Parse Radarr Logs

Installation

cscli parsers install schiz0phr3ne/radarr-logs

Description

Parser for Radarr Logs.

---
source: file
filenames:
 - /var/log/syslog
labels:
  type: syslog
---
source: file
filenames:
 - /var/log/radarr.txt
labels:
  type: Radarr

YAML Configuration

1onsuccess: next_stage
2filter: "evt.Parsed.program == 'Radarr'"
3name: schiz0phr3ne/radarr-logs
4description: "Parse Radarr Logs"
5pattern_syntax:
6  DATE_YMD: "%{YEAR:year}-%{MONTHNUM:month}-%{MONTHDAY:day}"
7nodes:
8  - grok:
9      pattern: '^\[Warn\] Auth: Auth-Failure ip %{IP:source_ip} username %{DATA:username}$'
10      apply_on: message
11    onsuccess: next_stage
12  - grok:
13      pattern: "%{DATE_YMD:date} %{TIME:time}\\|%{WORD:log_level}\\|Auth\\|Auth-Failure ip %{IPORHOST:source_ip} username '%{NOTDQUOTE:username}'"
14      apply_on: message
15      statics:
16        - target: evt.Parsed.timestamp
17          expression: "evt.Parsed.date + ' ' + evt.Parsed.time"
18    onsuccess: next_stage
19
20statics:
21    - meta: service
22      value: radarr
23    - meta: source_ip
24      expression: "evt.Parsed.source_ip"
25    - target: evt.StrTime
26      expression: "evt.Parsed.timestamp"
27    - meta: username
28      expression: evt.Parsed.username
29    - meta: log_type
30      value: radarr_failed_authentication
31

Hub configuration

« radarr-logs »v0.2 by schiz0phr3neLog parser

« radarr-logs »
v0.2 by schiz0phr3ne
Log parser