diff --git a/.index.json b/.index.json
index 22a55060003..99330429791 100644
--- a/.index.json
+++ b/.index.json
@@ -8088,7 +8088,7 @@
 "crowdsecurity/nginx-logs": {
 "path": "parsers/s01-parse/crowdsecurity/nginx-logs.yaml",
 "stage": "s01-parse",
- "version": "1.6",
+ "version": "1.7",
 "versions": {
 "0.1": {
 "digest": "60ba29ab5a5a49214664344b57403fab932e70bb1493203e83dc7df4f66b2059",
@@ -8153,10 +8153,14 @@
 "1.6": {
 "digest": "538990ce5b01974ddd29c948de56322b92de56f6d9e70fc7f45415ce8af3858d",
 "deprecated": false
+ },
+ "1.7": {
+ "digest": "f6818d92a779ff63fc4bae96e646da09820e97f93758f5620ae9dd14c8f1e5e5",
+ "deprecated": false
 }
 },
 "long_description": "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",
- "content": "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",
+ "content": "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",
 "description": "Parse nginx access and error logs",
 "author": "crowdsecurity",
 "labels": null
diff --git a/.tests/nginx_http-logs/nginx_http-logs.log b/.tests/nginx_http-logs/nginx_http-logs.log
index 3fb929f904c..38cd1ec9014 100644
--- a/.tests/nginx_http-logs/nginx_http-logs.log
+++ b/.tests/nginx_http-logs/nginx_http-logs.log
@@ -1,6 +1,7 @@
-5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
-52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
-195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
-www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
-www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
-2021/12/01 13:53:33 [error] 31#31: *46 "/usr/share/nginx/html/market/index.html" is not found (2: No such file or directory), client: 172.17.0.1, server: localhost, request: "GET /market/ HTTP/1.1", host: "localhost"
\ No newline at end of file
+192.168.1.1 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
+192.168.1.1 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+www.crowdsec.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+www.crowdsec11.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+www.crowdsec11.net:80 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+2021/12/01 13:53:33 [error] 31#31: *46 "/usr/share/nginx/html/market/index.html" is not found (2: No such file or directory), client: 172.17.0.1, server: localhost, request: "GET /market/ HTTP/1.1", host: "localhost"
diff --git a/.tests/nginx_http-logs/parser.assert b/.tests/nginx_http-logs/parser.assert
index 177b006fe79..cb77fa39ee0 100644
--- a/.tests/nginx_http-logs/parser.assert
+++ b/.tests/nginx_http-logs/parser.assert
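Review bot: The new `www.crowdsec11.net:80 192.168.1.1 ...` line is the only fixture for the `host:port` vhost prefix, and it pairs the colon-delimited prefix with an IPv4 client, so nothing pins how the `:80` split behaves when the client address itself contains colons. That matters more than a cosmetic field: `parser.assert` maps `remote_addr` to `Meta["source_ip"]`, the value decisions are taken on, so a mis-split would change which address gets banned. I would add one line with a vhost prefix and an IPv6 client, e.g. `www.crowdsec11.net:443 2001:db8::1 - - [08/Jun/2020:08:04:43 +0000] "GET /test/ HTTP/1.1" 200 0 "-" "curl/7.68.0"`, plus a bare `::1 - - [...]` line with no prefix, and regenerate the expected `remote_addr`/`port` values in parser.assert. Whether the 1.7 pattern already handles these correctly cannot be told from this diff, which does not include the parser change itself.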
@@ -1,507 +1,627 @@ len(results) == 4 -len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 6 +len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 7 results["s00-raw"]["crowdsecurity/non-syslog"][0].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["message"] == "5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] \"GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1\" 404 522 \"-\" \"Go-http-client/1.1\"" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["message"] == "192.168.1.1 - - [04/Jan/2020:07:25:02 +0000] \"GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1\" 404 522 \"-\" \"Go-http-client/1.1\"" results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["program"] == "nginx" results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_path"] == "nginx_http-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][1].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["message"] == "52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] \"GET /index.php/nous-contacter/ HTTP/1.1\" 500 550 \"-\" \"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["message"] == "192.168.1.1 - - [04/Jan/2020:08:41:43 +0000] \"GET /index.php/nous-contacter/ HTTP/1.1\" 500 550 \"-\" \"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"" results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["program"] == "nginx" results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_path"] == "nginx_http-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Whitelisted == false 
results["s00-raw"]["crowdsecurity/non-syslog"][2].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["message"] == "195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["message"] == "192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["program"] == "nginx" results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_path"] == "nginx_http-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][3].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["message"] == "www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["message"] == "www.crowdsec.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["program"] == "nginx" results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_path"] == "nginx_http-logs.log" 
results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][4].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["message"] == "www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["message"] == "www.crowdsec11.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["program"] == "nginx" results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_path"] == "nginx_http-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][5].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["message"] == "2021/12/01 13:53:33 [error] 31#31: *46 \"/usr/share/nginx/html/market/index.html\" is not found (2: No such file or directory), client: 172.17.0.1, server: localhost, request: \"GET /market/ HTTP/1.1\", host: \"localhost\"" +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["message"] == "www.crowdsec11.net:80 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG HTTP/1.1\" 301 0 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["program"] == "nginx" 
results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_path"] == "nginx_http-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_type"] == "file" -len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 6 +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][6].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Parsed["message"] == "2021/12/01 13:53:33 [error] 31#31: *46 \"/usr/share/nginx/html/market/index.html\" is not found (2: No such file or directory), client: 172.17.0.1, server: localhost, request: \"GET /market/ HTTP/1.1\", host: \"localhost\"" +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Parsed["program"] == "nginx" +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Meta["datasource_path"] == "nginx_http-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Whitelisted == false +len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 7 results["s00-raw"]["crowdsecurity/syslog-logs"][0].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][1].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][2].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][3].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][4].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][5].Success == false -len(results["s01-parse"]["crowdsecurity/nginx-logs"]) == 6 +results["s00-raw"]["crowdsecurity/syslog-logs"][6].Success == false +len(results["s01-parse"]["crowdsecurity/nginx-logs"]) == 7 results["s01-parse"]["crowdsecurity/nginx-logs"][0].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["body_bytes_sent"] == "522" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["http_referer"] == "-" 
+results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["http_user_agent"] == "Go-http-client/1.1" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["http_version"] == "1.1" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["message"] == "192.168.1.1 - - [04/Jan/2020:07:25:02 +0000] \"GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1\" 404 522 \"-\" \"Go-http-client/1.1\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["remote_addr"] == "192.168.1.1" results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["remote_user"] == "-" results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["request"] == "/.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo" results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["status"] == "404" -results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["http_version"] == "1.1" -results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["message"] == "5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] \"GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1\" 404 522 \"-\" \"Go-http-client/1.1\"" -results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["program"] == "nginx" -results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["remote_addr"] == "5.5.8.5" -results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["http_referer"] == "-" -results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["http_user_agent"] == "Go-http-client/1.1" -results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["body_bytes_sent"] == "522" results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["time_local"] == "04/Jan/2020:07:25:02 +0000" results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Parsed["verb"] == "GET" -results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["log_type"] == "http_access-log" 
-results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["service"] == "http" -results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["source_ip"] == "5.5.8.5" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["datasource_path"] == "nginx_http-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["http_path"] == "/.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo" results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["http_status"] == "404" results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["http_user_agent"] == "Go-http-client/1.1" results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["http_verb"] == "GET" -results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["datasource_path"] == "nginx_http-logs.log" -results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Meta["source_ip"] == "192.168.1.1" +results["s01-parse"]["crowdsecurity/nginx-logs"][0].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/nginx-logs"][1].Success == true -results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["time_local"] == "04/Jan/2020:08:41:43 +0000" results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["body_bytes_sent"] == "550" -results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["request"] == "/index.php/nous-contacter/" -results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["status"] == "500" -results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 
-results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["verb"] == "GET" -results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["message"] == "52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] \"GET /index.php/nous-contacter/ HTTP/1.1\" 500 550 \"-\" \"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"" -results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["remote_addr"] == "52.59.61.4" results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["http_referer"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["http_version"] == "1.1" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["message"] == "192.168.1.1 - - [04/Jan/2020:08:41:43 +0000] \"GET /index.php/nous-contacter/ HTTP/1.1\" 500 550 \"-\" \"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"" results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["remote_addr"] == "192.168.1.1" results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["remote_user"] == "-" -results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["http_status"] == "500" -results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["request"] == "/index.php/nous-contacter/" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["status"] == "500" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["time_local"] == "04/Jan/2020:08:41:43 +0000" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Parsed["verb"] == "GET" results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["datasource_path"] == "nginx_http-logs.log" 
+results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["http_path"] == "/index.php/nous-contacter/" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["http_status"] == "500" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["http_verb"] == "GET" results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["log_type"] == "http_access-log" results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["service"] == "http" -results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["source_ip"] == "52.59.61.4" -results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["datasource_type"] == "file" -results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Meta["source_ip"] == "192.168.1.1" +results["s01-parse"]["crowdsecurity/nginx-logs"][1].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/nginx-logs"][2].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["body_bytes_sent"] == "803" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["http_referer"] == "-" results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" -results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["status"] == "500" -results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["http_version"] == "1.1" 
-results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["verb"] == "GET" -results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["http_referer"] == "-" -results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["request"] == "/solr/admin/info/system?wt=json" -results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["body_bytes_sent"] == "803" -results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["message"] == "195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["message"] == "192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["program"] == "nginx" -results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["remote_addr"] == "195.54.160.135" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["remote_addr"] == "192.168.1.1" results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["request"] == "/solr/admin/info/system?wt=json" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["status"] == "500" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Parsed["verb"] == "GET" results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["datasource_path"] == "nginx_http-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["datasource_type"] == "file" 
+results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["http_path"] == "/solr/admin/info/system?wt=json" results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["http_status"] == "500" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["http_verb"] == "GET" results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["log_type"] == "http_access-log" results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["service"] == "http" -results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["source_ip"] == "195.54.160.135" -results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["datasource_type"] == "file" -results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["http_path"] == "/solr/admin/info/system?wt=json" -results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Meta["source_ip"] == "192.168.1.1" +results["s01-parse"]["crowdsecurity/nginx-logs"][2].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/nginx-logs"][3].Success == true -results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" -results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["verb"] == "GET" results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["body_bytes_sent"] == "803" -results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["remote_addr"] == "1.2.3.4" -results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["target_fqdn"] == "www.crowdsec.net" -results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["message"] == "www.crowdsec.net 1.2.3.4 - - 
[08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" -results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["program"] == "nginx" -results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["remote_user"] == "-" results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["http_referer"] == "-" -results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["http_version"] == "1.1" -results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["status"] == "500" results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["http_version"] == "1.1" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["message"] == "www.crowdsec.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["remote_user"] == "-" results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["request"] == "/solr/admin/info/system?wt=json" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["status"] == "500" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["target_fqdn"] == "www.crowdsec.net" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" 
+results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Parsed["verb"] == "GET" results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["datasource_path"] == "nginx_http-logs.log" results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["datasource_type"] == "file" -results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["target_fqdn"] == "www.crowdsec.net" results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["http_path"] == "/solr/admin/info/system?wt=json" results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["http_status"] == "500" results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["http_verb"] == "GET" results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["log_type"] == "http_access-log" results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["service"] == "http" -results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["source_ip"] == "1.2.3.4" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["source_ip"] == "192.168.1.1" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Meta["target_fqdn"] == "www.crowdsec.net" +results["s01-parse"]["crowdsecurity/nginx-logs"][3].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/nginx-logs"][4].Success == true -results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["remote_addr"] == "1.2.3.5" -results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["request"] == "/test/uppercase/extensions.JPG" -results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["target_fqdn"] == "www.crowdsec11.net" -results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["status"] == "500" -results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["verb"] == "GET" 
results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["body_bytes_sent"] == "803" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["http_referer"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["http_version"] == "1.1" -results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["message"] == "www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["message"] == "www.crowdsec11.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["remote_addr"] == "192.168.1.1" results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["request"] == "/test/uppercase/extensions.JPG" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["status"] == "500" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["target_fqdn"] == "www.crowdsec11.net" results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" -results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["http_referer"] == "-" -results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; 
Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" -results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Parsed["verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["datasource_path"] == "nginx_http-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["http_path"] == "/test/uppercase/extensions.JPG" results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["http_status"] == "500" results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["http_verb"] == "GET" results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["log_type"] == "http_access-log" -results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["datasource_path"] == "nginx_http-logs.log" -results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["datasource_type"] == "file" -results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["source_ip"] == "1.2.3.5" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["source_ip"] == "192.168.1.1" results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Meta["target_fqdn"] == "www.crowdsec11.net" +results["s01-parse"]["crowdsecurity/nginx-logs"][4].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/nginx-logs"][5].Success == true -results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["verb"] == "GET" -results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["message"] == "\"/usr/share/nginx/html/market/index.html\" is not found (2: No such file or directory)" 
-results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["tid"] == "31" -results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["loglevel"] == "error" -results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["pid"] == "31" -results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["program"] == "nginx" -results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["remote_addr"] == "172.17.0.1" -results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["request"] == "/market/" -results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["target_fqdn"] == "localhost" -results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["cid"] == "46" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["body_bytes_sent"] == "0" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["http_referer"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["http_version"] == "1.1" -results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["time"] == "2021/12/01 13:53:33" -results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["service"] == "http" -results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["source_ip"] == "172.17.0.1" -results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["target_fqdn"] == "localhost" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["message"] == "www.crowdsec11.net:80 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG HTTP/1.1\" 301 0 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["port"] == "80" 
+results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["request"] == "/test/uppercase/extensions.JPG" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["status"] == "301" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["target_fqdn"] == "www.crowdsec11.net" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Parsed["verb"] == "GET" results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["datasource_path"] == "nginx_http-logs.log" results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["datasource_type"] == "file" -results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["http_path"] == "/market/" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["http_path"] == "/test/uppercase/extensions.JPG" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["http_status"] == "301" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["http_verb"] == "GET" -results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["log_type"] == "http_error-log" -len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 6 +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["source_ip"] == "192.168.1.1" 
+results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Meta["target_fqdn"] == "www.crowdsec11.net" +results["s01-parse"]["crowdsecurity/nginx-logs"][5].Evt.Whitelisted == false +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Success == true +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["cid"] == "46" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["http_version"] == "1.1" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["loglevel"] == "error" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["message"] == "\"/usr/share/nginx/html/market/index.html\" is not found (2: No such file or directory)" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["pid"] == "31" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["program"] == "nginx" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["remote_addr"] == "172.17.0.1" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["request"] == "/market/" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["target_fqdn"] == "localhost" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["tid"] == "31" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["time"] == "2021/12/01 13:53:33" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Parsed["verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Meta["datasource_path"] == "nginx_http-logs.log" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Meta["http_path"] == "/market/" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Meta["log_type"] == "http_error-log" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Meta["source_ip"] == 
"172.17.0.1" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Meta["target_fqdn"] == "localhost" +results["s01-parse"]["crowdsecurity/nginx-logs"][6].Evt.Whitelisted == false +len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 7 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["request"] == "/.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["verb"] == "GET" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["remote_user"] == "-" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["body_bytes_sent"] == "522" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["http_referer"] == "-" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["http_user_agent"] == "Go-http-client/1.1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["http_version"] == "1.1" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["remote_addr"] == "5.5.8.5" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["message"] == "192.168.1.1 - - [04/Jan/2020:07:25:02 +0000] \"GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1\" 404 522 \"-\" \"Go-http-client/1.1\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["request"] == "/.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["status"] == "404" 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["body_bytes_sent"] == "522" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["message"] == "5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] \"GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1\" 404 522 \"-\" \"Go-http-client/1.1\"" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["time_local"] == "04/Jan/2020:07:25:02 +0000" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["http_referer"] == "-" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2020-01-04T07:25:02Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_path"] == "nginx_http-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_path"] == "/.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["service"] == "http" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "5.5.8.5" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_status"] == "404" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_user_agent"] == "Go-http-client/1.1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_verb"] == "GET" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["log_type"] == "http_access-log" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_path"] == "nginx_http-logs.log" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_type"] == "file" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_status"] == "404" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2020-01-04T07:25:02Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2020-01-04T07:25:02Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["program"] == "nginx" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["time_local"] == "04/Jan/2020:08:41:43 +0000" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["body_bytes_sent"] == "550" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["message"] == "52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] \"GET /index.php/nous-contacter/ HTTP/1.1\" 500 550 \"-\" \"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["remote_addr"] == "52.59.61.4" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["remote_user"] == "-" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["http_referer"] == "-" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["http_version"] == "1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["message"] == "192.168.1.1 - - [04/Jan/2020:08:41:43 +0000] \"GET /index.php/nous-contacter/ HTTP/1.1\" 500 550 \"-\" \"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["request"] == "/index.php/nous-contacter/" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["status"] == "500" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["time_local"] == "04/Jan/2020:08:41:43 +0000" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["verb"] == "GET" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["request"] == "/index.php/nous-contacter/" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2020-01-04T08:41:43Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_path"] == "nginx_http-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["http_path"] == "/index.php/nous-contacter/" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["http_status"] == "500" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["http_verb"] == "GET" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "52.59.61.4" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_type"] == "file" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["http_path"] == "/index.php/nous-contacter/" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["log_type"] == "http_access-log" 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2020-01-04T08:41:43Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2020-01-04T08:41:43Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["body_bytes_sent"] == "803" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["http_version"] == "1.1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["http_referer"] == "-" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["message"] == "195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["request"] == "/solr/admin/info/system?wt=json" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["http_version"] == "1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["message"] == "192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" 
\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["program"] == "nginx" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["remote_addr"] == "195.54.160.135" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["remote_addr"] == "192.168.1.1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["request"] == "/solr/admin/info/system?wt=json" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["status"] == "500" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["verb"] == "GET" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_path"] == "nginx_http-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["http_path"] == "/solr/admin/info/system?wt=json" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["http_status"] == "500" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_ip"] == "195.54.160.135" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["http_verb"] == "GET" 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["log_type"] == "http_access-log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_ip"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["verb"] == "GET" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["body_bytes_sent"] == "803" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["remote_user"] == "-" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["status"] == "500" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["http_referer"] == "-" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["http_version"] == "1.1" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["target_fqdn"] == "www.crowdsec.net" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["remote_addr"] == "1.2.3.4" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["request"] == "/solr/admin/info/system?wt=json" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["message"] == "www.crowdsec.net 1.2.3.4 - - 
[08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["http_version"] == "1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["message"] == "www.crowdsec.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["program"] == "nginx" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["source_ip"] == "1.2.3.4" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["request"] == "/solr/admin/info/system?wt=json" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["status"] == "500" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["target_fqdn"] == "www.crowdsec.net" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["verb"] == "GET" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["datasource_path"] == "nginx_http-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["http_path"] == "/solr/admin/info/system?wt=json" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["http_status"] == "500" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["http_verb"] == "GET" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["log_type"] == "http_access-log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["service"] == "http" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["datasource_type"] == "file" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["http_status"] == "500" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["source_ip"] == "192.168.1.1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["target_fqdn"] == "www.crowdsec.net" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Enriched["MarshaledTime"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["body_bytes_sent"] == "803" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["http_referer"] == "-" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["remote_addr"] == "1.2.3.5" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["http_version"] == "1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["message"] == "www.crowdsec11.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["remote_user"] == "-" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["request"] == "/test/uppercase/extensions.JPG" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["status"] == "500" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["target_fqdn"] == "www.crowdsec11.net" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["http_referer"] == "-" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["message"] == "www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["program"] == "nginx" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["http_version"] == "1.1" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["remote_user"] == "-" 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["verb"] == "GET" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["body_bytes_sent"] == "803" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["target_fqdn"] == "www.crowdsec11.net" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["source_ip"] == "1.2.3.5" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_path"] == "nginx_http-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["http_path"] == "/test/uppercase/extensions.JPG" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["http_status"] == "500" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["http_verb"] == "GET" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["source_ip"] == "192.168.1.1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["target_fqdn"] == "www.crowdsec11.net" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_path"] == "nginx_http-logs.log" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["http_status"] == "500" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/78.0.3904.108 Safari/537.36" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["service"] == "http" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Enriched["MarshaledTime"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["pid"] == "31" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["remote_addr"] == "172.17.0.1" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["tid"] == "31" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["time"] == "2021/12/01 13:53:33" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["cid"] == "46" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["body_bytes_sent"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["http_referer"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["http_version"] == "1.1" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["loglevel"] == "error" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["message"] == "\"/usr/share/nginx/html/market/index.html\" is not found (2: No such file or directory)" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["message"] == "www.crowdsec11.net:80 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG HTTP/1.1\" 301 0 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["port"] == "80" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["program"] == "nginx" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["request"] == "/market/" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["target_fqdn"] == "localhost" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["request"] == "/test/uppercase/extensions.JPG" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["status"] == "301" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["target_fqdn"] == "www.crowdsec11.net" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["verb"] == "GET" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_path"] == "nginx_http-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["http_path"] == "/test/uppercase/extensions.JPG" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["http_status"] == "301" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["log_type"] == "http_access-log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["service"] == 
"http" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["http_path"] == "/market/" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["log_type"] == "http_error-log" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["source_ip"] == "172.17.0.1" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["target_fqdn"] == "localhost" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["timestamp"] == "2021-12-01T13:53:33Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Enriched["MarshaledTime"] == "2021-12-01T13:53:33Z" -len(results["s02-enrich"]["crowdsecurity/http-logs"]) == 6 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["source_ip"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["target_fqdn"] == "www.crowdsec11.net" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Enriched["MarshaledTime"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["cid"] == "46" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["http_version"] == "1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["loglevel"] == "error" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["message"] == "\"/usr/share/nginx/html/market/index.html\" is not found (2: No such file or directory)" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["pid"] == "31" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["program"] == "nginx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["remote_addr"] == 
"172.17.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["request"] == "/market/" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["target_fqdn"] == "localhost" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["tid"] == "31" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["time"] == "2021/12/01 13:53:33" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["datasource_path"] == "nginx_http-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["http_path"] == "/market/" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["log_type"] == "http_error-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["source_ip"] == "172.17.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["target_fqdn"] == "localhost" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["timestamp"] == "2021-12-01T13:53:33Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Enriched["MarshaledTime"] == "2021-12-01T13:53:33Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Whitelisted == false +len(results["s02-enrich"]["crowdsecurity/http-logs"]) == 7 results["s02-enrich"]["crowdsecurity/http-logs"][0].Success == true -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["remote_user"] == "-" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["status"] == "404" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["verb"] == "GET" 
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["body_bytes_sent"] == "522"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["http_referer"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["remote_addr"] == "5.5.8.5"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["request"] == "/.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["file_name"] == "FMuukC2JOJ5HKmLBujjE_BkDo"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["message"] == "5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] \"GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1\" 404 522 \"-\" \"Go-http-client/1.1\""
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["time_local"] == "04/Jan/2020:07:25:02 +0000"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["program"] == "nginx"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["file_dir"] == "/.well-known/acme-challenge/"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["file_frag"] == "FMuukC2JOJ5HKmLBujjE_BkDo"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["file_name"] == "FMuukC2JOJ5HKmLBujjE_BkDo"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["http_referer"] == "-"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["http_user_agent"] == "Go-http-client/1.1"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["http_version"] == "1.1"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["impact_completion"] == "false"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["message"] == "192.168.1.1 - - [04/Jan/2020:07:25:02 +0000] \"GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1\" 404 522 \"-\" \"Go-http-client/1.1\""
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["program"] == "nginx"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["remote_addr"] == "192.168.1.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["remote_user"] == "-"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["request"] == "/.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["static_ressource"] == "false"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["status"] == "404"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["time_local"] == "04/Jan/2020:07:25:02 +0000"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["verb"] == "GET"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["datasource_path"] == "nginx_http-logs.log"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["datasource_type"] == "file"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["http_args_len"] == "0"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["http_path"] == "/.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["http_status"] == "404"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["http_user_agent"] == "Go-http-client/1.1"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["http_verb"] == "GET"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["log_type"] == "http_access-log"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["service"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["source_ip"] == "192.168.1.1"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["timestamp"] == "2020-01-04T07:25:02Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["datasource_path"] == "nginx_http-logs.log"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["datasource_type"] == "file"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["http_path"] == "/.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["http_args_len"] == "0"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["http_user_agent"] == "Go-http-client/1.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["source_ip"] == "5.5.8.5"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Enriched["MarshaledTime"] == "2020-01-04T07:25:02Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Success == true
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["remote_user"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["status"] == "500"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["time_local"] == "04/Jan/2020:08:41:43 +0000"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["verb"] == "GET"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["remote_addr"] == "52.59.61.4"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["static_ressource"] == "false"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["body_bytes_sent"] == "550"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["http_version"] == "1.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["file_dir"] == "/index.php/nous-contacter/"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["http_referer"] == "-"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["http_version"] == "1.1"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["impact_completion"] == "true"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["message"] == "52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] \"GET /index.php/nous-contacter/ HTTP/1.1\" 500 550 \"-\" \"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\""
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["message"] == "192.168.1.1 - - [04/Jan/2020:08:41:43 +0000] \"GET /index.php/nous-contacter/ HTTP/1.1\" 500 550 \"-\" \"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\""
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["program"] == "nginx"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["remote_addr"] == "192.168.1.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["remote_user"] == "-"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["request"] == "/index.php/nous-contacter/"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["file_dir"] == "/index.php/nous-contacter/"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["http_verb"] == "GET"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["source_ip"] == "52.59.61.4"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["timestamp"] == "2020-01-04T08:41:43Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["log_type"] == "http_access-log"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["service"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["static_ressource"] == "false"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["status"] == "500"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["time_local"] == "04/Jan/2020:08:41:43 +0000"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["verb"] == "GET"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["datasource_path"] == "nginx_http-logs.log"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["datasource_type"] == "file"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["http_args_len"] == "0"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["http_path"] == "/index.php/nous-contacter/"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["http_status"] == "500"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["http_verb"] == "GET"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["log_type"] == "http_access-log"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["service"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["source_ip"] == "192.168.1.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["timestamp"] == "2020-01-04T08:41:43Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Enriched["MarshaledTime"] == "2020-01-04T08:41:43Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Success == true
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["http_args"] == "wt=json"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["static_ressource"] == "false"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["body_bytes_sent"] == "803"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["file_dir"] == "/solr/admin/info/"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["file_frag"] == "system"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["file_name"] == "system"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["http_args"] == "wt=json"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["http_referer"] == "-"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["http_version"] == "1.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["impact_completion"] == "true"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["message"] == "192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\""
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["program"] == "nginx"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["body_bytes_sent"] == "803"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["file_dir"] == "/solr/admin/info/"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["verb"] == "GET"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["remote_addr"] == "192.168.1.1"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["remote_user"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["status"] == "500"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["impact_completion"] == "true"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["request"] == "/solr/admin/info/system"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["file_frag"] == "system"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["message"] == "195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\""
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["remote_addr"] == "195.54.160.135"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["http_verb"] == "GET"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["service"] == "http"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["static_ressource"] == "false"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["status"] == "500"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["verb"] == "GET"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["datasource_path"] == "nginx_http-logs.log"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["datasource_type"] == "file"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["http_args_len"] == "7"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["http_path"] == "/solr/admin/info/system?wt=json"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["http_status"] == "500"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["http_verb"] == "GET"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["log_type"] == "http_access-log"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["source_ip"] == "195.54.160.135"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["datasource_type"] == "file"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["service"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["source_ip"] == "192.168.1.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Enriched["MarshaledTime"] == "2020-06-08T08:04:43Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Success == true
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["body_bytes_sent"] == "803"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["file_dir"] == "/solr/admin/info/"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["message"] == "www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\""
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["remote_addr"] == "1.2.3.4"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["remote_user"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["target_fqdn"] == "www.crowdsec.net"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["file_frag"] == "system"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["impact_completion"] == "true"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["verb"] == "GET"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["body_bytes_sent"] == "803"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["file_name"] == "system"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["http_args"] == "wt=json"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["http_referer"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["program"] == "nginx"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["status"] == "500"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["file_name"] == "system"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["http_version"] == "1.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["impact_completion"] == "true"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["message"] == "www.crowdsec.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\""
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["program"] == "nginx"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["remote_addr"] == "192.168.1.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["remote_user"] == "-"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["request"] == "/solr/admin/info/system"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["static_ressource"] == "false"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["datasource_type"] == "file"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["source_ip"] == "1.2.3.4"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["service"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["status"] == "500"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["target_fqdn"] == "www.crowdsec.net"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["verb"] == "GET"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["datasource_path"] == "nginx_http-logs.log"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["datasource_type"] == "file"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["http_args_len"] == "7"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["http_path"] == "/solr/admin/info/system?wt=json"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["http_status"] == "500"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["http_verb"] == "GET"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["log_type"] == "http_access-log"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["service"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["source_ip"] == "192.168.1.1"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["target_fqdn"] == "www.crowdsec.net"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Enriched["MarshaledTime"] == "2020-06-08T08:04:43Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Success == true
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["body_bytes_sent"] == "803"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["file_dir"] == "/test/uppercase/"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["file_ext"] == ".JPG"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["file_frag"] == "extensions"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["file_name"] == "extensions.JPG"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["http_referer"] == "-"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["http_version"] == "1.1"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["impact_completion"] == "true"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["message"] == "www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\""
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["message"] == "www.crowdsec11.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\""
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["program"] == "nginx"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["remote_addr"] == "192.168.1.1"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["remote_user"] == "-"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["request"] == "/test/uppercase/extensions.JPG"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["static_ressource"] == "true"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["status"] == "500"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["verb"] == "GET"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["file_ext"] == ".JPG"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["remote_addr"] == "1.2.3.5"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["target_fqdn"] == "www.crowdsec11.net"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["file_frag"] == "extensions"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["http_referer"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["request"] == "/test/uppercase/extensions.JPG"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["static_ressource"] == "true"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["verb"] == "GET"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["datasource_path"] == "nginx_http-logs.log"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["http_status"] == "500"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["http_verb"] == "GET"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["source_ip"] == "1.2.3.5"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["target_fqdn"] == "www.crowdsec11.net"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["datasource_type"] == "file"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["http_args_len"] == "0"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["http_path"] == "/test/uppercase/extensions.JPG"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["http_status"] == "500"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["http_verb"] == "GET"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["log_type"] == "http_access-log"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["service"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["source_ip"] == "192.168.1.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["target_fqdn"] == "www.crowdsec11.net"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Enriched["MarshaledTime"] == "2020-06-08T08:04:43Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/http-logs"][5].Success == true
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["tid"] == "31"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["pid"] == "31"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["body_bytes_sent"] == "0"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["file_dir"] == "/test/uppercase/"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["file_ext"] == ".JPG"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["file_frag"] == "extensions"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["file_name"] == "extensions.JPG"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["http_referer"] == "-"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["http_version"] == "1.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["impact_completion"] == "true"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["message"] == "www.crowdsec11.net:80 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG HTTP/1.1\" 301 0 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\""
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["port"] == "80"
 results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["program"] == "nginx"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["loglevel"] == "error"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["static_ressource"] == "false"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["time"] == "2021/12/01 13:53:33"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["cid"] == "46"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["file_dir"] == "/market/"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["request"] == "/market/"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["target_fqdn"] == "localhost"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["remote_addr"] == "192.168.1.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["remote_user"] == "-"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["request"] == "/test/uppercase/extensions.JPG"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["static_ressource"] == "true"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["status"] == "301"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["target_fqdn"] == "www.crowdsec11.net"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000"
 results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["verb"] == "GET"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["impact_completion"] == "true"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["message"] == "\"/usr/share/nginx/html/market/index.html\" is not found (2: No such file or directory)"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["remote_addr"] == "172.17.0.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["http_version"] == "1.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["source_ip"] == "172.17.0.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["timestamp"] == "2021-12-01T13:53:33Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["http_args_len"] == "0"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["datasource_path"] == "nginx_http-logs.log"
 results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["datasource_type"] == "file"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["http_path"] == "/market/"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["http_args_len"] == "0"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["http_path"] == "/test/uppercase/extensions.JPG"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["http_status"] == "301"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
 results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["http_verb"] == "GET"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["log_type"] == "http_error-log"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["log_type"] == "http_access-log"
 results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["service"] == "http"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["target_fqdn"] == "localhost"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["datasource_path"] == "nginx_http-logs.log"
-results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Enriched["MarshaledTime"] == "2021-12-01T13:53:33Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["source_ip"] == "192.168.1.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["target_fqdn"] == "www.crowdsec11.net"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Enriched["MarshaledTime"] == "2020-06-08T08:04:43Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Whitelisted == false
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Success == true
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["cid"] == "46"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["file_dir"] == "/market/"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["http_version"] == "1.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["impact_completion"] == "true"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["loglevel"] == "error"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["message"] == "\"/usr/share/nginx/html/market/index.html\" is not found (2: No such file or directory)"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["pid"] == "31"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["program"] == "nginx"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["remote_addr"] == "172.17.0.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["request"] == "/market/"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["static_ressource"] == "false"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["target_fqdn"] == "localhost"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["tid"] == "31"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["time"] == "2021/12/01 13:53:33"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["verb"] == "GET"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["datasource_path"] == "nginx_http-logs.log"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["datasource_type"] == "file"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["http_args_len"] == "0"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["http_path"] == "/market/"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["http_verb"] == "GET"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["log_type"] == "http_error-log"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["service"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["source_ip"] == "172.17.0.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["target_fqdn"] == "localhost"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["timestamp"] == "2021-12-01T13:53:33Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Enriched["MarshaledTime"] == "2021-12-01T13:53:33Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Whitelisted == false
 len(results["success"][""]) == 0
diff --git a/parsers/s01-parse/crowdsecurity/nginx-logs.yaml b/parsers/s01-parse/crowdsecurity/nginx-logs.yaml
index d65a893e22e..0173d132c6e 100644
--- a/parsers/s01-parse/crowdsecurity/nginx-logs.yaml
+++ b/parsers/s01-parse/crowdsecurity/nginx-logs.yaml
@@ -8,7 +8,7 @@ pattern_syntax:
 NGCUSTOMURIPATHPARAM: '%{NGCUSTOMURIPATH}(?:%{URIPARAM})?'
 nodes:
 - grok:
- pattern: '(%{IPORHOST:target_fqdn} )?%{IPORHOST:remote_addr} - %{NGCUSTOMUSER:remote_user}? \[%{HTTPDATE:time_local}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:http_version}" %{NUMBER:status} %{NUMBER:body_bytes_sent} "%{NOTDQUOTE:http_referer}" "%{NOTDQUOTE:http_user_agent}"( %{NUMBER:request_length} %{NUMBER:request_time} \[%{DATA:proxy_upstream_name}\] \[%{DATA:proxy_alternative_upstream_name}\])?'
+ pattern: '(%{IPORHOST:target_fqdn}(:%{INT:port})? )?%{IPORHOST:remote_addr} - %{NGCUSTOMUSER:remote_user}? \[%{HTTPDATE:time_local}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:http_version}" %{NUMBER:status} %{NUMBER:body_bytes_sent} "%{NOTDQUOTE:http_referer}" "%{NOTDQUOTE:http_user_agent}"( %{NUMBER:request_length} %{NUMBER:request_time} \[%{DATA:proxy_upstream_name}\] \[%{DATA:proxy_alternative_upstream_name}\])?'
 apply_on: message
 statics:
 - meta: log_type
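Review bot: The new optional `(:%{INT:port})?` group in the grok pattern uses `INT`, which admits a leading sign, so a `host:-80` or `host:+80` prefix would still match and leave a signed string in `Parsed["port"]`; `%{POSINT:port}` constrains the capture to an unsigned port number and costs nothing on the `www.crowdsec11.net:80` case the test asserts. The captured value is only visible as `Evt.Parsed["port"]` in the assertion hunk earlier in this diff, and the statics block that follows `- meta: log_type` continues outside this hunk, so it is not clear whether the port is ever promoted to meta for scenarios to use; if that is intended, a statics entry following the existing `target_fqdn` naming would make it explicit, and if not, a short comment on the pattern line explaining that the port suffix is consumed only so the line still parses would help the next maintainer.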