modsecurity_logstash_parsing's People

Contributors

wixaw

modsecurity_logstash_parsing's Issues

No results in Kibana

I get the correct JSON output format.
In Kibana there is no "custom_modsec" information, only the Beat part (from filebeat).

14:45:00 root@proxyTEST:~# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/01-apache_modsec.conf -v --debug --verbose -w 1
custom_modsec plugin doesn't have a version. This plugin isn't well supported by the community and likely has no maintainer. {:level=>:warn}
New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["localhost:9200"], :level=>:info}
Settings: User set pipeline workers: 1, Default pipeline workers: 4
Beats inputs: Starting input listener {:address=>"0.0.0.0:5044", :level=>:info}
New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["localhost:9200"], :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns/aws", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns/bacula", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns/bro", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns/exim", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns/firewalls", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns/grok-patterns", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns/haproxy", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns/java", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns/junos", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns/linux-syslog", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns/mcollective", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns/mcollective-patterns", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns/mongodb", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns/nagios", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns/postgresql", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns/rails", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns/redis", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns/ruby", :level=>:info}
Starting pipeline {:id=>"base", :pipeline_workers=>1, :batch_size=>125, :batch_delay=>5, :max_inflight=>125, :level=>:info}
Pipeline started {:level=>:info}
Logstash startup completed
{
      "@version" => "1",
    "@timestamp" => "2016-03-17T14:06:47.282Z",
          "beat" => {
        "hostname" => "srv-web-test",
            "name" => "srv-web-test"
    },
         "count" => 1,
        "fields" => {
        "service" => "apache",
           "type" => "mod_security"
    },
    "input_type" => "log",
        "source" => "/var/log/httpd/modsec_audit.log",
          "type" => "mod_security",
          "host" => "srv-web-test",
          "tags" => [
        [0] "beats_input_codec_plain_applied",
        [1] "multiline"
    ]
}
{
      "@version" => "1",
    "@timestamp" => "2016-03-17T14:06:56.068Z",
          "info" => "Warning. Pattern match \"^[\\\\d.:]+$\" at REQUEST_HEADERS:Host.",
          "file" => "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_21_protocol_anomalies.conf",
          "line" => "98",
            "id" => "960017",
           "msg" => "Host header is a numeric IP address",
      "severity" => "WARNING",
          "data" => "141.115.13.23",
           "tag" => "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST",
    "input_type" => "log",
        "source" => "/var/log/httpd/modsec_audit.log",
          "type" => "mod_security"
}
{
      "@version" => "1",
    "@timestamp" => "2016-03-17T14:06:56.069Z",
          "info" => "Warning. Pattern match \"(^[\\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)\" at ARGS:username.",
          "file" => "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf",
          "line" => "64",
            "id" => "981318",
           "msg" => "SQL Injection Attack: Common Injection Testing Detected",
      "severity" => "CRITICAL",
          "data" => "Matched Data: ' found within ARGS:username: ' or true --",
           "tag" => "OWASP_CRS/WEB_ATTACK/SQL_INJECTION",
    "input_type" => "log",
        "source" => "/var/log/httpd/modsec_audit.log",
          "type" => "mod_security"
}
{
      "@version" => "1",
    "@timestamp" => "2016-03-17T14:06:56.069Z",
          "info" => "Warning. Pattern match \"(^[\\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)\" at ARGS:passwd.",
          "file" => "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf",
          "line" => "64",
            "id" => "981318",
           "msg" => "SQL Injection Attack: Common Injection Testing Detected",
      "severity" => "CRITICAL",
          "data" => "Matched Data: ' found within ARGS:passwd: ' or true --",
           "tag" => "OWASP_CRS/WEB_ATTACK/SQL_INJECTION",
    "input_type" => "log",
        "source" => "/var/log/httpd/modsec_audit.log",
          "type" => "mod_security"
}
{
      "@version" => "1",
    "@timestamp" => "2016-03-17T14:06:56.070Z",
          "info" => "Warning. Pattern match \"(?i:\\\\bor\\\\b ?(?:\\\\d{1,10}|[\\\\'\\\"][^=]{1,10}[\\\\'\\\"]) ?[=<>]+|(?i:'\\\\s+x?or\\\\s+.{1,20}[+\\\\-!<>=])|\\\\b(?i:x?or)\\\\b\\\\s+(\\\\d{1,10}|'[^=]{1,10}')|\\\\b(?i:x?or)\\\\b\\\\s+(\\\\d{1,10}|'[^=]{1,10}')\\\\s*?[=<>])\" at ARGS:username.",
          "file" => "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf",
          "line" => "133",
            "id" => "959071",
           "msg" => "SQL Injection Attack",
      "severity" => "CRITICAL",
          "data" => "Matched Data: ' or true -- found within ARGS:username: ' or true --",
           "tag" => "OWASP_CRS/WEB_ATTACK/SQL_INJECTION",
    "input_type" => "log",
        "source" => "/var/log/httpd/modsec_audit.log",
          "type" => "mod_security"
}
{
      "@version" => "1",
    "@timestamp" => "2016-03-17T14:06:56.070Z",
          "info" => "Warning. Pattern match \"(?i:\\\\bor\\\\b ?(?:\\\\d{1,10}|[\\\\'\\\"][^=]{1,10}[\\\\'\\\"]) ?[=<>]+|(?i:'\\\\s+x?or\\\\s+.{1,20}[+\\\\-!<>=])|\\\\b(?i:x?or)\\\\b\\\\s+(\\\\d{1,10}|'[^=]{1,10}')|\\\\b(?i:x?or)\\\\b\\\\s+(\\\\d{1,10}|'[^=]{1,10}')\\\\s*?[=<>])\" at ARGS:passwd.",
          "file" => "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf",
          "line" => "133",
            "id" => "959071",
           "msg" => "SQL Injection Attack",
      "severity" => "CRITICAL",
          "data" => "Matched Data: ' or true -- found within ARGS:passwd: ' or true --",
           "tag" => "OWASP_CRS/WEB_ATTACK/SQL_INJECTION",
    "input_type" => "log",
        "source" => "/var/log/httpd/modsec_audit.log",
          "type" => "mod_security"
}
{
      "@version" => "1",
    "@timestamp" => "2016-03-17T14:06:56.070Z",
          "info" => "Warning. Operator GE matched 5 at TX:inbound_anomaly_score.",
          "file" => "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_60_correlation.conf",
          "line" => "37",
            "id" => "981204",
           "msg" => "Inbound Anomaly Score Exceeded (Total Inbound Score: 23, SQLi=20, XSS=): SQL Injection Attack",
      "severity" => nil,
          "data" => nil,
           "tag" => nil,
    "input_type" => "log",
        "source" => "/var/log/httpd/modsec_audit.log",
          "type" => "mod_security"
}
{
      "@version" => "1",
    "@timestamp" => "2016-03-17T14:06:47.283Z",
          "beat" => {
        "hostname" => "srv-web-test",
            "name" => "srv-web-test"
    },
         "count" => 1,
        "fields" => {
        "service" => "apache",
           "type" => "mod_security"
    },
    "input_type" => "log",
        "source" => "/var/log/httpd/modsec_audit.log",
          "type" => "mod_security",
          "host" => "srv-web-test",
          "tags" => [
        [0] "beats_input_codec_plain_applied",
        [1] "multiline"
    ]
}
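The rubydebug output above shows two kinds of events: records that carry the Beat metadata (beat, host, the multiline tag) and no ModSecurity fields, and records that carry one audit-log `Message:` line each, split into info, file, line, id, msg, severity, data and tag, with `nil` for the anomaly-score summary message that logs no severity, data or tag. The parser below is an added example written for this page; it is not the repository's Logstash configuration or the custom_modsec plugin. It reads constructed serial-format audit records (only the H section is used, which is an assumption about the input layout; the transaction ids, the A-section line and the last message are made up) and produces the same fields, so the field extraction can be checked outside Logstash before looking at the Kibana side. It generalises the page's single `tag` to a list, because CRS 2.x rules emit several `[tag "..."]` entries, and it keeps the transaction id from the section boundary so per-message events can be grouped back to their record.

```python
import json
import re
from typing import Dict, List, Optional

# Constructed sample input (not a log from the page): two serial-format
# ModSecurity 2.x audit records reduced to their H (trailer) section, where the
# "Message:" lines live. Rule ids, files and messages follow the CRS 2.x entries
# visible in the issue's Logstash output; the transaction ids, the A-section
# line and the last message (escaped quotes in [data]) are made up.
SAMPLE_AUDIT_LOG = r'''--7f3a1c20-A--
[17/Mar/2016:15:06:56 +0100] VupXQH8AAQEAAFzZbC4AAAAB 141.115.13.23 54321 10.0.0.5 80
--7f3a1c20-H--
Message: Warning. Pattern match "^[\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "98"] [id "960017"] [rev "2"] [msg "Host header is a numeric IP address"] [data "141.115.13.23"] [severity "WARNING"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"]
--7f3a1c20-Z--

--7f3a1c21-H--
Message: Warning. Pattern match "(^[\"'`;]+|[\"'`;]+$)" at ARGS:username. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:username: ' or true --"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"]
Message: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_60_correlation.conf"] [line "37"] [id "981204"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 23, SQLi=20, XSS=): SQL Injection Attack"]
Message: Warning. Pattern match "(^[\"'`;]+|[\"'`;]+$)" at ARGS:q. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \" found within ARGS:q: \""] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"]
Action: Intercepted (phase 2)
--7f3a1c21-Z--
'''

# Record/section boundary, e.g. "--7f3a1c20-H--".
SECTION_RE = re.compile(r"^--([0-9A-Za-z@]+)-([A-Z])--$")
# One [key "value"] pair; the value may contain backslash-escaped quotes.
KV_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
SCALAR_FIELDS = ("file", "line", "id", "msg", "severity", "data")
# ModSecurity severity levels, most severe first.
SEVERITY_RANK = {"EMERGENCY": 0, "ALERT": 1, "CRITICAL": 2, "ERROR": 3,
                 "WARNING": 4, "NOTICE": 5, "INFO": 6, "DEBUG": 7}


def _unescape(value: str) -> str:
    """Undo ModSecurity's backslash escaping inside a bracketed value."""
    return re.sub(r"\\(.)", r"\1", value)


def parse_message(line: str) -> Optional[Dict[str, object]]:
    """Split one 'Message:' line into its free text plus bracketed metadata.

    Returns None for non-message lines (Action:, Stopwatch:, ...). Fields the
    rule did not log come back as None, like the nil values in the issue's
    output; tag is always a list.
    """
    if not line.startswith("Message: "):
        return None
    body = line[len("Message: "):]
    # The free-text part can itself contain brackets and quotes (the matched
    # regex), so cut at the first [file ...] pair rather than at the first "[".
    cut = body.find(' [file "')
    if cut < 0:
        first = KV_RE.search(body)
        cut = first.start() if first else len(body)
    info, tail = body[:cut].rstrip(), body[cut:]
    tags: List[str] = []
    event: Dict[str, object] = {"info": info, **{k: None for k in SCALAR_FIELDS}, "tag": tags}
    for key, value in KV_RE.findall(tail):
        value = _unescape(value)
        if key == "tag":
            tags.append(value)
        elif key in SCALAR_FIELDS:
            event[key] = value
    return event


def parse_audit_log(text: str) -> List[Dict[str, object]]:
    """Walk serial-format audit records and emit one event per H-section message."""
    events: List[Dict[str, object]] = []
    transaction: Optional[str] = None
    in_trailer = False
    for line in text.splitlines():
        boundary = SECTION_RE.match(line)
        if boundary:
            transaction, section = boundary.groups()
            in_trailer = section == "H"
            continue
        if not in_trailer:
            continue
        event = parse_message(line)
        if event is not None:
            event["transaction"] = transaction
            events.append(event)
    return events


def summarize(events: List[Dict[str, object]]) -> Dict[str, Dict[str, object]]:
    """Group events by transaction: rule ids fired and the most severe level seen."""
    summary: Dict[str, Dict[str, object]] = {}
    for ev in events:
        entry = summary.setdefault(str(ev["transaction"]), {"ids": [], "worst": None})
        entry["ids"].append(ev["id"])
        sev = ev["severity"]
        worst = entry["worst"]
        if sev is not None and (worst is None or SEVERITY_RANK.get(str(sev), 99) < SEVERITY_RANK.get(str(worst), 99)):
            entry["worst"] = sev
    return summary


if __name__ == "__main__":
    parsed = parse_audit_log(SAMPLE_AUDIT_LOG)
    for event in parsed:
        print(json.dumps(event))
    print(json.dumps(summarize(parsed), indent=2))
```

Running it prints one JSON object per message followed by the per-transaction summary. The split at `[file "` is deliberate: the matched pattern in the info text (for example `^[\\d.:]+$`) contains brackets, so cutting at the first `[` would truncate it, which is the kind of detail worth checking in any grok pattern that handles the same lines.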