fri/vs
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Gašper Dobrovoljc
2025-11-12 13:09:01 +01:00
commit 0666924962
7 changed files with 119 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
siem-elastic-template/elastic/parsers.conf Normal file
View File

@@ -0,0 +1,7 @@
[PARSER]
Name http_access_custom
Format regex
Regex ^(?<host>\S+)\s+(?<ident>\S+)\s+(?<user>\S+)\s+\[(?<time>[^\]]+)\]\s+"(?<method>\S+)\s+(?<path>\S+)\s+(?<protocol>[^"]+)"\s+(?<code>\d{3})\s+(?<size>\S+)$
Time_Key time
Time_Format %d/%b/%Y %H:%M:%S
Types code:integer