chg: [grok] sshd groking test
parent
df32553050
commit
593c6425b5
@ -26,7 +26,8 @@ type SSHDCompiler struct {
CompilerStruct
CompilerStruct
}
}
type groked struct {
// GrokedSSHD map JSON fields to Go struct
type GrokedSSHD struct {
SSHMessage string `json:"ssh_message"`
SSHMessage string `json:"ssh_message"`
SyslogPid string `json:"syslog_pid"`
SyslogPid string `json:"syslog_pid"`
SyslogHostname string `json:"syslog_hostname"`
SyslogHostname string `json:"syslog_hostname"`
@ -36,7 +37,7 @@ type groked struct {
SshdInvalidUser string `json:"sshd_invalid_user"`
SshdInvalidUser string `json:"sshd_invalid_user"`
}
}
var m groked
var m GrokedSSHD
// Flush recomputes statistics and recompile HTML output
// Flush recomputes statistics and recompile HTML output
// TODO : review after refacto
// TODO : review after refacto
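Review bot: The doc comment added above the newly exported type, `// GrokedSSHD map JSON fields to Go struct`, does not read as a sentence and says nothing a reader cannot already see from the json tags; a comment such as `// GrokedSSHD is one sshd syslog record as decoded from the grok JSON output; field names mirror the JSON keys.` would follow the Go convention for exported names. Exporting the type while keeping the package-level `var m GrokedSSHD` (second hunk) leaves a single shared, mutable record at package scope; if the decoder writes each log line into `m` rather than a local, two compilers running concurrently would race on it and attribute fields to the wrong record, so that variable is worth a look in the same refactor the `TODO : review after refacto` line already promises. The GrokedSSHD struct body is split across the two hunks, with some fields outside the visible range.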
@ -0,0 +1,4 @@
{"ssh_message":"Invalid user misp-project from 119.42.175.200","syslog_pid":"28367","syslog_hostname":"sigmund","syslog_timestamp":"Feb 27 06:52:08","sshd_client_ip":"119.42.175.200","syslog_program":"sshd","sshd_invalid_user":"misp-project"}
{"ssh_message":"Invalid user oracle from 49.212.211.207","syslog_pid":"28372","syslog_hostname":"sigmund","syslog_timestamp":"Feb 27 06:53:15","sshd_client_ip":"49.212.211.207","syslog_program":"sshd","sshd_invalid_user":"oracle"}
{"ssh_message":"Invalid user 2019 from 112.78.1.247","syslog_pid":"28381","syslog_hostname":"sigmund","syslog_timestamp":"Feb 27 06:53:57","sshd_client_ip":"112.78.1.247","syslog_program":"sshd","sshd_invalid_user":"2019"}
{"ssh_message":"Invalid user postgres from 217.182.194.95","syslog_pid":"28435","syslog_hostname":"sigmund","syslog_timestamp":"Feb 27 06:58:11","sshd_client_ip":"217.182.194.95","syslog_program":"sshd","sshd_invalid_user":"postgres"}
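Review bot: The four fixture records carry what appear to be public source addresses (`119.42.175.200`, `49.212.211.207`, `112.78.1.247`, `217.182.194.95`) and a host name, `sigmund`, presumably copied verbatim from a live sshd log. A fixture committed to the repository exercises the same parsing path with the RFC 5737 documentation ranges (`192.0.2.0/24`, `198.51.100.0/24`, `203.0.113.0/24`) and a neutral host name, without publishing third-party addresses or details of the machine the log came from. If the values are substituted, `ssh_message` and `sshd_client_ip` must be changed together so each record stays self-consistent.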