jkumar2001 / graylog-generic-syslog Goto Github PK
License: Apache License 2.0
Hi there,
let me say that I am totally new to graylog and this content pack has got me started looking at a few things. I am using graylog2 beta2.
**ssh_login_username**
(should this not extract all user names and aggregate them, showing which user logged in how often?)
current: `Accepted password for (.+) from (.+) port`
rather: `Accepted keyboard-interactive/pam for USER from IP port 61470 ssh2`
or maybe: `pam_unix(sshd:session): session opened for user root by (uid=0)`

**SSH Connection Dropped**
(not sure about this one, are we only looking for dropped/blocked sessions by iptables?)
current: `"IPTables Packet Dropped" AND iptables_dport:22`
rather: `pam_unix(sshd:session): session closed for user root`
or: `Received disconnect from 87.156.164.7: 11: disconnected by user`

**Fail2ban Ban**
current: `application_name:fail2ban.actions AND message:"NOTICE [sshd] Ban"`
rather: `application_name:fail2ban.actions AND (message:"WARNING [ssh] Ban" OR message:"WARNING [ssh-ddos] Ban")`

**Fail2ban Unban**
current: `application_name:fail2ban.actions AND message:"NOTICE [sshd] Unban"`
rather: `application_name:fail2ban.actions AND (message:"WARNING [ssh] Unban" OR message:"WARNING [ssh-ddos] Unban")`

**Root Login**
current: `message:" Accepted publickey for root " OR message:" Accepted password for root "`
rather: `message:"Accepted keyboard-interactive/pam for root"`

**SSH Login**
current: `message:" Accepted publickey for " OR message:" Accepted password for "`
rather: see above, but needs an exception for the root user

**Some dashboards don't add up:**

SSH login failed server reports a count of 38 and this is correct.
using: `message:" Failed publickey for " OR message:" Failed password for " OR (message:"Invalid user" AND message:from)`
Failed SSHD Metrics reports 56 and this is wrong, as the 38 above are correct.
using: `application_name:sshd AND (message:"Failed" OR message:"Invalid user")`
Also, SSH Login Failed Source IP shows a total of 27, while SSH Failure count, SSH Login failures and SSH login failed server all show a total of 38.
Would you have a look if you can replicate this?
I'd like to get this working properly but maybe I am misunderstanding something?
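The extraction the issue asks for, written out as an added Python example (not code from the content pack or from the issue author): a single pattern that matches all three sshd "Accepted" variants (password, publickey, keyboard-interactive/pam) instead of only "Accepted password", a second pattern for the pam_unix "session opened" line, and an aggregation of accepted logins per user with an optional root exclusion. The sample messages are constructed for the example; only the syslog message text is used, so the `application_name:sshd` filter the queries above rely on is assumed to have been applied upstream.

```python
import re
from collections import Counter

# Constructed sample sshd syslog messages (not taken from the page or from any
# real host), covering the "Accepted" variants the issue mentions, the pam_unix
# session line, and two lines that must NOT count as logins.
SAMPLE_MESSAGES = [
    "Accepted password for alice from 192.0.2.10 port 50211 ssh2",
    "Accepted publickey for bob from 192.0.2.11 port 50212 ssh2: RSA SHA256:AAAA",
    "Accepted keyboard-interactive/pam for alice from 192.0.2.12 port 61470 ssh2",
    "Accepted keyboard-interactive/pam for root from 198.51.100.5 port 61471 ssh2",
    "pam_unix(sshd:session): session opened for user root by (uid=0)",
    "Failed password for invalid user admin from 203.0.113.9 port 40000 ssh2",
    "Received disconnect from 192.0.2.10: 11: disconnected by user",
]

# One pattern for every accepted-authentication variant: the method group
# absorbs "password", "publickey" and "keyboard-interactive/pam", so a new
# method does not silently drop out of the user statistics.
ACCEPTED_RE = re.compile(
    r"^Accepted (?P<method>\S+) for (?P<user>\S+) from "
    r"(?P<ip>[0-9a-fA-F.:]+) port (?P<port>\d+)"
)

# The pam_unix session line carries the user but no source IP, so it is
# extracted separately rather than forced into the same pattern.
SESSION_OPENED_RE = re.compile(
    r"^pam_unix\(sshd:session\): session opened for user (?P<user>\S+)"
)


def extract_login(message):
    """Return method/user/ip/port for an accepted login, or None otherwise."""
    m = ACCEPTED_RE.match(message)
    if not m:
        return None
    fields = m.groupdict()
    fields["port"] = int(fields["port"])
    return fields


def extract_session_user(message):
    """Return the user from a pam_unix 'session opened' line, or None."""
    m = SESSION_OPENED_RE.match(message)
    return m.group("user") if m else None


def count_logins_by_user(messages, include_root=True):
    """Aggregate accepted logins per username; optionally leave root out,
    which is the exception the "SSH Login" query above is missing."""
    counts = Counter()
    for msg in messages:
        login = extract_login(msg)
        if login is None:
            continue
        if not include_root and login["user"] == "root":
            continue
        counts[login["user"]] += 1
    return counts


def count_root_logins(messages):
    """Number of accepted logins for root, the "Root Login" widget's value."""
    return count_logins_by_user(messages)["root"]


if __name__ == "__main__":
    for user, n in count_logins_by_user(SAMPLE_MESSAGES).most_common():
        print(f"{user}: {n}")
    print("non-root logins:", dict(count_logins_by_user(SAMPLE_MESSAGES, include_root=False)))
    print("root logins:", count_root_logins(SAMPLE_MESSAGES))
```

Because the method group is a single `\S+` token, the same regex serves the "Accepted keyboard-interactive/pam" form from the issue and the two forms the content pack already handles; the "Failed" and "Received disconnect" lines fall through to `None` and never inflate the login count.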
When trying to import in graylog 3, there is the following error:
Error importing content pack, please ensure it is a valid JSON file. Check your Graylog logs for more information.
Null id at [Source: org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$UnCloseableInputStream@33bc6cf6; line: 474, column: 1] (through reference chain: org.graylog2.contentpacks.model.AutoValue_LegacyContentPack$Builder[“id”])
See also https://community.graylog.org/t/unable-to-import-content-packs-downloaded-from-marketplace/8732
Can you update this cool content_pack?
When trying to import in graylog 4, there is the following error:
Error importing content pack, please ensure it is a valid JSON file. Check your Graylog logs for more information.
Null id at [Source: org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$UnCloseableInputStream@33bc6cf6; line: 474, column: 1] (through reference chain: org.graylog2.contentpacks.model.AutoValue_LegacyContentPack$Builder[“id”])
Could you update this cool content_pack?
I go to SYSTEM => Content Packs => Import select this content pack click upload and nothing happens.