hailey
/
crowdsec
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixing some regex... but I still think something is wrong with it.

Browse Source
main
Hailey Clark 4 years ago
parent ba4a7bdf4e
commit b04dcae037
1 changed files with 1 additions and 4 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      parsers/s01-parse/freeswitch.yaml

5
parsers/s01-parse/freeswitch.yaml
Unescape View File

@ -4,15 +4,12 @@ name: haileyxb/freeswitch
description: "Parse Freeswitch logs"
filter: evt.Parsed.program == 'freeswitch'
pattern_syntax:
FS_TIMESTAMP: '202[1-2]-[0-1][0-9]-[0-1]\d \d\d:\d\d:\d\d.\d+'
FS_TIMESTAMP: '\d{4}-\d{2}-\d{2} \d\d:\d\d:\d\d.\d{6}'
FS_EXTENSION: '\[[0-9a-zA-Z]+@[0-9a-zA-Z.]+\]'
nodes:
- grok:
pattern: ^%{FS_TIMESTAMP:timestamp} \[WARNING\]sofia_reg.c:1739 SIP auth failure (REGISTER) on sofia profile 'internal' for %{FS_EXTENSION:fs_exten} from ip %{IP:source_ip}$
apply_on: message
- grok:
pattern: ^%{FS_TIMESTAMP:timestamp} \[WARNING\]sofia_reg.c:2930 Can\'t find user %{FS_EXTENSION:fs_exten} from %{IP:source_ip}$
apply_on: message
statics:
- meta: log_type
value: freeswitch_failed_auth

Write Preview
Loading…
Cancel
Save