You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23 lines
875 B
23 lines
875 B
onsuccess: next_stage
|
|
debug: true
|
|
name: haileyxb/freeswitch
|
|
description: "Parse Freeswitch logs"
|
|
filter: evt.Parsed.program == 'freeswitch'
|
|
pattern_syntax:
|
|
FS_TIMESTAMP: '\d{4}-\d{2}-\d{2} \d\d:\d\d:\d\d.\d{6}'
|
|
FS_EXTENSION: '\[[%0-9a-zA-Z]+@[0-9a-zA-Z.]+\]'
|
|
nodes:
|
|
- grok:
|
|
pattern: ^%{FS_TIMESTAMP:timestamp} \[WARNING\] sofia_reg.c:1739 SIP auth failure \(REGISTER\) on sofia profile \'internal\' for %{FS_EXTENSION:fs_exten} from ip %{IP:source_ip}$
|
|
apply_on: Line.Raw
|
|
onsuccess: next_stage
|
|
- grok:
|
|
pattern: ^%{FS_TIMESTAMP} \[WARNING\] sofia_reg.c:2930 Can\'t find user %{FS_EXTENSION:fs_exten} from %{IP:source_ip}$
|
|
onsuccess: next_stage
|
|
statics:
|
|
- meta: log_type
|
|
value: freeswitch_failed_auth
|
|
- meta: source_ip
|
|
expression: "evt.Parsed.source_ip"
|
|
- meta: exten
|
|
expression: "evt.Parsed.fs_exten"
|
|
|