chg: [grok] sshd groking test

logcompiler/sshd.go

@@ -26,7 +26,8 @@ type SSHDCompiler struct {
 	CompilerStruct
 }
 
-type groked struct {
+// GrokedSSHD map JSON fields to Go struct
+type GrokedSSHD struct {
 	SSHMessage      string `json:"ssh_message"`
 	SyslogPid       string `json:"syslog_pid"`
 	SyslogHostname  string `json:"syslog_hostname"`
@@ -36,7 +37,7 @@ type groked struct {
 	SshdInvalidUser string `json:"sshd_invalid_user"`
 }
 
-var m groked
+var m GrokedSSHD
 
 // Flush recomputes statistics and recompile HTML output
 // TODO : review after refacto

logcompiler/sshd.txt

@@ -0,0 +1,4 @@
+{"ssh_message":"Invalid user misp-project from 119.42.175.200","syslog_pid":"28367","syslog_hostname":"sigmund","syslog_timestamp":"Feb 27 06:52:08","sshd_client_ip":"119.42.175.200","syslog_program":"sshd","sshd_invalid_user":"misp-project"}
+{"ssh_message":"Invalid user oracle from 49.212.211.207","syslog_pid":"28372","syslog_hostname":"sigmund","syslog_timestamp":"Feb 27 06:53:15","sshd_client_ip":"49.212.211.207","syslog_program":"sshd","sshd_invalid_user":"oracle"}
+{"ssh_message":"Invalid user 2019 from 112.78.1.247","syslog_pid":"28381","syslog_hostname":"sigmund","syslog_timestamp":"Feb 27 06:53:57","sshd_client_ip":"112.78.1.247","syslog_program":"sshd","sshd_invalid_user":"2019"}
+{"ssh_message":"Invalid user postgres from 217.182.194.95","syslog_pid":"28435","syslog_hostname":"sigmund","syslog_timestamp":"Feb 27 06:58:11","sshd_client_ip":"217.182.194.95","syslog_program":"sshd","sshd_invalid_user":"postgres"}