def _field(name, pos, type_):
    """Describe one field of a log format.

    name:  key under which the field is exposed.
    pos:   token position after splitting the line on the format's separator —
           either an int (one token) or a slice (a run of tokens).
    type_: coercion tag; a Python type (int, str) or a string tag
           ("datetime", "direction") that the consumer is presumably expected
           to resolve itself — the parser is not visible here.
    """
    return {"name": name, "pos": pos, "type": type_}


def _spec(sep, fields):
    """Describe one log format: the token separator plus its ordered fields."""
    return {"sep": sep, "fields": fields}


# Format name -> {"sep": separator, "fields": [field descriptors]}.
# Positions index the tokens of a log line, i.e. attacker-influenced input;
# an int position on a line with too few tokens, or an int coercion of a
# non-numeric token, will fail in the consumer unless it guards for that
# (NOTE(review): confirm the parser's error handling for malformed lines).
log_definitions = {
    "apache": _spec(" ", [
        _field("datetime", slice(1, 5), "datetime"),
        _field("status", 5, int),
        _field("message", slice(6, None), str),
    ]),
    "auth": _spec(" ", [
        _field("month", 0, str),
        _field("day", 1, int),
        _field("time", 2, "datetime"),
        _field("hostname", 3, str),
        _field("service", 4, str),
        _field("message", slice(5, None), str),
    ]),
    "dns": _spec(" ", [
        _field("date", 0, "datetime"),
        _field("time", 1, "datetime"),
        _field("query", 2, str),
        _field("domain", 3, str),
        _field("record_type", 4, str),
    ]),
    "firewall": _spec(" ", [
        _field("month", 0, str),
        _field("day", 1, int),
        _field("time", 2, "datetime"),
        _field("host", 3, str),
        _field("kernel", 4, str),
        _field("message", slice(5, None), str),
    ]),
    # "linux" and "ssh" share an identical layout (the "Content" key keeps its
    # original capitalisation because it is a runtime key).
    "linux": _spec(" ", [
        _field("datetime", slice(1, 3), "datetime"),
        _field("level", 3, str),
        _field("component", 4, str),
        _field("pid", 5, str),
        _field("Content", slice(6, None), str),
    ]),
    # Semicolon-separated format; field names are kept as given (French).
    "log": _spec(";", [
        _field("timestamp", 0, "datetime"),
        _field("ipsource", 1, str),
        _field("ipdestination", 2, str),
        _field("protocole", 3, str),
        _field("portsource", 4, int),
        _field("portdest", 5, int),
        _field("regle1", 6, str),
        _field("status", 7, str),
        _field("interface", 8, str),
        _field("inconnu", 9, str),
        _field("regle2", 10, str),
    ]),
    "nginx": _spec(" ", [
        # slice(1, 2) selects a single token but, unlike an int position,
        # presumably yields a one-element list to the consumer — confirm.
        _field("time", slice(1, 2), "datetime"),
        _field("remote_ip", 2, str),
        _field("remote_user", 3, str),
        _field("request", slice(4, 7), str),
        _field("response", 7, str),
        _field("bytes", 8, str),
        _field("referrer", 9, str),
        _field("agent", slice(10, 13), str),
    ]),
    "ssh": _spec(" ", [
        _field("datetime", slice(1, 3), "datetime"),
        _field("level", 3, str),
        _field("component", 4, str),
        _field("pid", 5, str),
        _field("Content", slice(6, None), str),
    ]),
    "xferlog": _spec(" ", [
        _field("current_time", slice(1, 5), "datetime"),
        _field("transfer_time", 5, int),
        _field("remote_host", 6, str),
        _field("file_size", 7, int),
        _field("filename", 8, str),
        _field("transfer_type", 9, str),
        _field("special_flag", 10, str),
        _field("direction", 11, "direction"),
        _field("access_mode", 12, str),
        _field("username", 13, str),
        _field("service_name", 14, str),
        _field("auth_method", 15, int),
        _field("auth_user_id", 16, str),
        _field("status", 17, str),
    ]),
}