bogdan/zira-etc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
f7af00565c7b8164993623a945b099ae1121d667
zira-etc/crowdsec/hub/parsers/s01-parse/crowdsecurity/mysql-logs.yaml
bms8197 f7af00565c committing changes in /etc made by "-bash" 
Package changes:
2023-06-12 09:31:52 +03:00

14 lines
526 B
YAML
Raw Blame History

onsuccess: next_stage
name: crowdsecurity/mysql-logs
description: "Parse MySQL logs"
filter: "evt.Parsed.program == 'mysql'"
grok:
pattern: "%{TIMESTAMP_ISO8601:time} %{NUMBER} \\[Note\\]( \\[%{DATA:err_code}\\] \\[%{DATA:subsystem}\\])? Access denied for user '%{DATA:user}'@'%{IP:source_ip}' \\(using password: %{WORD:using_password}\\)"
apply_on: message
statics:
- meta: log_type
value: mysql_failed_auth
- meta: source_ip
expression: "evt.Parsed.source_ip"
- meta: user
expression: "evt.Parsed.user"
Reference in New Issue View Git Blame Copy Permalink