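---
# Stage s00-raw parser. Two documents live in this file and their filters
# are complementary (type == 'syslog' vs type != 'syslog'), so a given line
# is handled by exactly one of them. Both hand the event to the next stage,
# so later parsers and scenarios depend on the fields set here; treat edits
# to this file as integrity-sensitive and keep it under file-integrity
# monitoring alongside the rest of /etc/crowdsec.
#
# Document 1: the line is labelled as syslog, so extract the program name
# (and the usual syslog fields) from it.
filter: "evt.Line.Labels.type == 'syslog'"
onsuccess: next_stage
pattern_syntax:
  # Named grok sub-patterns referenced by the second node below.
  RAW_SYSLOG_PREFIX: '^<%{NUMBER:stuff1}>%{NUMBER:stuff2} %{SYSLOGBASE2} %{DATA:program} %{NUMBER:pid}'
  RAW_SYSLOG_META: '\[meta sequenceId="%{NOTDQUOTE:seq_id}"\]'
name: crowdsecurity/syslog-logs
nodes:
  - grok:
      # This is a named regular expression. grok patterns can be kept in
      # separate files for readability.
      pattern: "^%{SYSLOGLINE}"
      # This is the field of the `Event` to which the regexp should be applied.
      apply_on: Line.Raw
  - grok:
      # A second pattern for unparsed syslog lines, as seen in OPNsense.
      pattern: '%{RAW_SYSLOG_PREFIX} - %{RAW_SYSLOG_META} %{GREEDYDATA:message}'
      apply_on: Line.Raw
# If the node was successful, statics will be applied.
statics:
  - meta: machine
    expression: evt.Parsed.logsource
  - parsed: "logsource"
    value: "syslog"
  # The syslog date can be in two different fields (one of the two
  # assignments will fail); evt.StrTime is what later stages read.
  - target: evt.StrTime
    expression: evt.Parsed.timestamp
  - target: evt.StrTime
    expression: evt.Parsed.timestamp8601
  # Record where the line came from so alerts can be traced back to the
  # datasource that produced them.
  - meta: datasource_path
    expression: evt.Line.Src
  - meta: datasource_type
    expression: evt.Line.Module
---
# Document 2: if it's not syslog, the type label is used as the program
# name and the raw line becomes the message.
filter: "evt.Line.Labels.type != 'syslog'"
onsuccess: next_stage
name: crowdsecurity/non-syslog
# debug: true
statics:
  - parsed: message
    expression: evt.Line.Raw
  - parsed: program
    expression: evt.Line.Labels.type
  - meta: datasource_path
    expression: evt.Line.Src
  - meta: datasource_type
    expression: evt.Line.Module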