# Parser definition named crowdsecurity/http-logs: derives extra fields
# (path, query-string length, file name, static-resource flag) for HTTP events.
# Only events tagged service 'http' with an access-log or error-log type
# pass the filter below.
filter: "evt.Meta.service == 'http' && evt.Meta.log_type in ['http_access-log', 'http_error-log']"
description: "Parse more Specifically HTTP logs, such as HTTP Code, HTTP path, HTTP args and if its a static ressource"
name: crowdsecurity/http-logs
# Custom grok sub-patterns referenced by the last node:
#   DIR  - everything up to and including the last '/'
#   FILE - lazy match that must start with a non-'/' character
#   EXT  - from the last '.' to the end of the string, or empty at the end
pattern_syntax:
  DIR: "^.*/"
  FILE: "[^/].*?"
  EXT: "\\.[^.]*$|$"
# NOTE(review): the nodes appear to be order-dependent (later nodes read fields
# that earlier ones set) - keep their order when editing.
nodes:
  # Node 1: defaults that need no pattern match.
  - statics:
      - parsed: "impact_completion"
        # the value of a field can as well be determined as the result of an expression
        # Yields the STRING 'false' for status 404/403/502 and 'true' otherwise;
        # http_status itself is not set in this file (presumably by an earlier
        # parser - confirm).
        expression: "evt.Meta.http_status in ['404', '403', '502'] ? 'false' : 'true'"
      # Default to "not static"; the last node overwrites this from the extension.
      - target: evt.Parsed.static_ressource
        value: 'false'
  # let's split the path?query if possible
  # NOTE(review): GREEDYDATA is greedy, so when the request holds more than one
  # '?' the split presumably lands on the LAST one and http_args only covers the
  # tail - confirm that is intended. Without any '?' this pattern does not match
  # and http_args is not set here.
  - grok:
      pattern: "^%{GREEDYDATA:request}\\?%{GREEDYDATA:http_args}$"
      apply_on: request
  # this is another node, with its own pattern_syntax
  # Node 3: split the request into directory, file fragment and
  # extension, then publish the derived fields.
  - #debug: true
    grok:
      pattern: "%{DIR:file_dir}(%{FILE:file_frag}%{EXT:file_ext})?"
      apply_on: request
    statics:
      # http_path is read from evt.Parsed but not produced in this file
      # (presumably set upstream - confirm).
      - meta: http_path
        expression: "evt.Parsed.http_path"
      # Length of the captured query string, exposed as a meta field.
      # NOTE(review): behaviour when http_args was never captured (no '?' in the
      # request) depends on how a missing field evaluates - confirm.
      - meta: http_args_len
        expression: "len(evt.Parsed.http_args)"
      # Unquoted scalar, unlike the other expressions; still a plain string.
      - parsed: file_name
        expression: evt.Parsed.file_frag + evt.Parsed.file_ext
      # Flags the request as a static resource purely from the upper-cased
      # extension of the requested path. That path is chosen by the client, so
      # the flag describes what was asked for, not what was served; any detection
      # logic that excludes static_ressource == 'true' events should take that
      # into account. '.OTF' is listed twice, which is redundant but harmless.
      - parsed: static_ressource
        expression: "Upper(evt.Parsed.file_ext) in ['.JPG', '.CSS', '.JS', '.JPEG', '.PNG', '.SVG', '.MAP', '.ICO', '.OTF', '.GIF', '.MP3', '.MP4', '.WOFF', '.WOFF2', '.TTF', '.OTF', '.EOT', '.WEBP', '.WAV', '.GZ', '.BROTLI', '.BVR', '.TS', '.BMP', '.AVIF'] ? 'true' : 'false'"