aykhans/my-self-host-services
1
0
Fork 0
mirror of https://github.com/aykhans/my-self-host-services.git synced 2026-05-29 15:35:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add crowdsec

Browse Source
This commit is contained in:
Aykhan Shahsuvarov
2026-05-10 00:07:06 +04:00
parent 54e3854c0d
commit e11b03ebaf
20 changed files with 376 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files
crowdsec/parsers/s00-raw/stalwart-logs.yaml
+10
View File
@@ -0,0 +1,10 @@
name: stalwart/parse-logs
description: Raw parser for Stalwart logs
stage: s00-raw
onsuccess: next_stage
filter: "evt.Parsed.program == 'stalwart' || evt.Line.Labels.type == 'stalwart'"
nodes:
- grok:
apply_on: Line.Raw
pattern: '^%{TIMESTAMP_ISO8601:timestamp}\s+%{WORD:log_level}\s+%{DATA:message_text}\s*\(%{DATA:event_type}\)\s*(%{GREEDYDATA:kvpairs})?$'
crowdsec/parsers/s01-parse/stalwart-logs-extended.yaml
+15
View File
@@ -0,0 +1,15 @@
name: stalwart/parse-extended
description: Parse Stalwart logs including key fields without kv parser
stage: s01-parse
onsuccess: next_stage
filter: "evt.Parsed.program == 'stalwart' || evt.Line.Labels.type == 'stalwart'"
nodes:
- grok:
apply_on: Line.Raw
pattern: '^%{TIMESTAMP_ISO8601:timestamp}\s+%{WORD:log_level}\s+%{DATA:message_text}\s+\(%{DATA:event_type}\)\s*(?:listenerId\s*=\s*"%{DATA:listenerId}",\s*)?(?:localPort\s*=\s*%{INT:localPort},\s*)?(?:remoteIp\s*=\s*%{IP:remoteIp},\s*)?(?:remotePort\s*=\s*%{INT:remotePort},\s*)?(?:reason\s*=\s*"%{DATA:reason}")?.*$'
statics:
- meta: source_ip
expression: evt.Parsed.remoteIp
- meta: service
value: stalwart
crowdsec/parsers/s02-enrich/whitelist-trusted.yaml
+11
View File
@@ -0,0 +1,11 @@
name: aykhans/whitelist-trusted
description: Trusted operator IPs and Docker private network ranges
whitelist:
reason: "operator + internal docker networks"
ip:
- "127.0.0.1"
- "::1"
cidr:
- "10.0.0.0/8"
- "172.16.0.0/12"
- "192.168.0.0/16"