UNPKG

nsyslog

Version:

Modular new generation log agent. Reads, transform, aggregate, correlate and send logs from sources to destinations

github.com/solzimer/nsyslog

solzimer/nsyslog

93 lines 6.98 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
{ "config": { "datadir": "/tmp/nsyslog", "frontend": { "host": "0.0.0.0", "port": 19998, "context": "/", "ssl": { "enabled": false, "key": "./monitor.key", "cert": "./monitor.crt" } }, "input": { "buffer": 100 } }, "register": [ { "type": "processor", "id": "leak", "require": "../custom/custom-processor-leak.js" } ], "inputs": { "lines": { "type": "static", "config": { "loop": true, "lines": [ "<188>0 2019-11-13T01:03:54+01:00 172.26.200.6 2812027172003338(root) - - - 46809403 Threat@FLOW: From 45.227.254.30:59674(aggregate1.21) to 79.170.8.238:135(-), threat name: Blacklist-IP, threat type: Attack, threat subtype: Risk IP, App/Protocol: IPv4/TCP, action: DROP, defender: PTF, severity: Low, detected low reputation ip: 45.227.254.30, category: Scanner, reputation score 100, hit-count: 1(in the last 5 seconds)", "<188>0 2019-11-13T01:03:56+01:00 172.26.200.6 2812027172003338(root) - - - 46809403 Threat@FLOW: From 185.173.35.41:63867(aggregate1.21) to 79.170.8.139:1521(-), threat name: Blacklist-IP, threat type: Attack, threat subtype: Risk IP, App/Protocol: IPv4/TCP, action: DROP, defender: PTF, severity: Low, detected low reputation ip: 185.173.35.41, category: Scanner, reputation score 68, hit-count: 1(in the last 5 seconds)", "<188>0 2019-11-13T01:03:57+01:00 172.26.200.6 2812027172003338(root) - - - 46809403 Threat@FLOW: From 107.189.11.160:54320(aggregate1.21) to 79.170.8.248:23(-), threat name: Blacklist-IP, threat type: Attack, threat subtype: Risk IP, App/Protocol: IPv4/TCP, action: DROP, defender: PTF, severity: Low, detected low reputation ip: 107.189.11.160, category: Scanner/Brute-Forcer, reputation score 84, hit-count: 1(in the last 5 seconds)", "<188>0 2019-11-13T01:03:58+01:00 172.26.200.6 2812027172003338(root) - - - 46809403 Threat@FLOW: From 93.174.95.106:25932(aggregate1.21) to 79.170.8.35:49(-), threat name: Blacklist-IP, threat type: Attack, threat subtype: Risk IP, App/Protocol: IPv4/TCP, action: DROP, defender: PTF, severity: High, detected low reputation ip: 93.174.95.106, category: Bot, reputation score 68, hit-count: 1(in the last 5 seconds)", "<188>0 2019-11-13T01:03:58+01:00 172.26.200.6 2812027172003338(root) - - - 46809403 Threat@FLOW: From 119.147.144.22:46831(aggregate1.21) to 79.170.8.234:445(-), threat name: Blacklist-IP, threat type: Attack, threat subtype: Risk IP, App/Protocol: IPv4/TCP, action: DROP, defender: PTF, severity: Low, detected low reputation ip: 119.147.144.22, category: Scanner, reputation score 68, hit-count: 1(in the last 5 seconds)", "<188>0 2019-11-13T01:03:59+01:00 172.26.200.6 2812027172003338(root) - - - 46809403 Threat@FLOW: From 77.73.48.14:57594(aggregate1.21) to 79.170.8.163:1433(-), threat name: Blacklist-IP, threat type: Attack, threat subtype: Risk IP, App/Protocol: IPv4/TCP, action: DROP, defender: PTF, severity: Low, detected low reputation ip: 77.73.48.14, category: Scanner, reputation score 84, hit-count: 1(in the last 5 seconds)", "<188>0 2019-11-13T01:03:59+01:00 172.26.200.6 2812027172003338(root) - - - 46809403 Threat@FLOW: From 185.94.111.1:52385(aggregate1.21) to 79.170.8.66:161(-), threat name: Blacklist-IP, threat type: Attack, threat subtype: Risk IP, App/Protocol: IPv4/UDP, action: DROP, defender: PTF, severity: Low, detected low reputation ip: 185.94.111.1, category: Scanner/DDos-Attacker, reputation score 92, hit-count: 1(in the last 6 seconds)", "<188>0 2019-11-13T01:03:59+01:00 172.26.200.6 2812027172003338(root) - - - 46809403 Threat@FLOW: From 185.209.0.18:56942(aggregate1.21) to 79.170.8.13:4323(-), threat name: Blacklist-IP, threat type: Attack, threat subtype: Risk IP, App/Protocol: IPv4/TCP, action: DROP, defender: PTF, severity: Low, detected low reputation ip: 185.209.0.18, category: Scanner, reputation score 55, hit-count: 1(in the last 5 seconds)", "<188>0 2019-11-13T01:03:59+01:00 172.26.200.6 2812027172003338(root) - - - 46809403 Threat@FLOW: From 185.173.35.53:50013(aggregate1.21) to 79.170.8.237:1434(-), threat name: Blacklist-IP, threat type: Attack, threat subtype: Risk IP, App/Protocol: IPv4/UDP, action: DROP, defender: PTF, severity: Low, detected low reputation ip: 185.173.35.53, category: Scanner, reputation score 68, hit-count: 1(in the last 6 seconds)", "<188>0 2019-11-13T01:04:00+01:00 172.26.200.6 2812027172003338(root) - - - 46809403 Threat@FLOW: From 89.248.169.17:36669(aggregate1.21) to 79.170.8.176:9000(-), threat name: Blacklist-IP, threat type: Attack, threat subtype: Risk IP, App/Protocol: IPv4/TCP, action: DROP, defender: PTF, severity: Low, detected low reputation ip: 89.248.169.17, category: Scanner/Brute-Forcer, reputation score 68, hit-count: 6(in the last 11 seconds)", "<188>0 2019-11-13T01:04:01+01:00 172.26.200.6 2812027172003338(root) - - - 46809403 Threat@FLOW: From 111.93.214.78:56731(aggregate1.21) to 79.170.8.57:445(-), threat name: Blacklist-IP, threat type: Attack, threat subtype: Risk IP, App/Protocol: IPv4/TCP, action: DROP, defender: PTF, severity: Low, detected low reputation ip: 111.93.214.78, category: Scanner, reputation score 68, hit-count: 1(in the last 5 seconds)", "<188>0 2019-11-13T01:04:02+01:00 172.26.200.6 2812027172003338(root) - - - 46809403 Threat@FLOW: From 186.42.182.40:47004(aggregate1.21) to 79.170.8.46:1433(-), threat name: Blacklist-IP, threat type: Attack, threat subtype: Risk IP, App/Protocol: IPv4/TCP, action: DROP, defender: PTF, severity: Low, detected low reputation ip: 186.42.182.40, category: Scanner, reputation score 68, hit-count: 1(in the last 5 seconds)", "<188>0 2019-11-13T01:04:02+01:00 172.26.200.6 2812027172003338(root) - - - 46809403 Threat@FLOW: From 37.49.230.18:51308(aggregate1.21) to 79.170.8.57:80(-), threat name: Blacklist-IP, threat type: Attack, threat subtype: Risk IP, App/Protocol: IPv4/TCP, action: DROP, defender: PTF, severity: Low, detected low reputation ip: 37.49.230.18, category: Scanner, reputation score 68, hit-count: 1(in the last 5 seconds)" ] } } }, "processors": { "leak": { "type": "leak", "config": {} } }, "transporters": { "console": { "type": "console", "attach": [ "flow1" ], "config": { "format": "${JSON:2}", "json": { "format": true, "spaces": 2, "color": true } } }, "null": { "type": "null" } }, "flows": [ { "id": "flow1", "from": "lines", "fork": true, "processors": [ "leak" ], "transporters": "null" }, { "id": "flow2", "from": "lines", "fork": true, "processors": [ "leak" ], "transporters": "null" } ] }