mirror of
https://github.com/crowdsecurity/crowdsec.git
synced 2025-05-14 05:14:06 +02:00
43 lines
1 KiB
YAML
43 lines
1 KiB
YAML
#these are the events we input into parser
|
|
lines:
|
|
- Line:
|
|
Labels:
|
|
#this one will be checked by a filter
|
|
type: testlog
|
|
Raw: <123.120>
|
|
- Line:
|
|
#see tricky case : first one is nginx via syslog, the second one is local nginx :)
|
|
Labels:
|
|
#this one will be checked by a filter
|
|
type: testlog
|
|
Raw: <123.121>
|
|
- Line:
|
|
#see tricky case : first one is nginx via syslog, the second one is local nginx :)
|
|
Labels:
|
|
#this one will be checked by a filter
|
|
type: testlog
|
|
Raw: XXXX
|
|
#these are the results we expect from the parser
|
|
results:
|
|
- Meta:
|
|
log_type: parsed_testlog
|
|
Parsed:
|
|
facility: 123
|
|
priority: 120
|
|
Enriched:
|
|
subgrok_static_why_is_it_still_here: because
|
|
Process: true
|
|
Stage: s00-raw
|
|
- Meta:
|
|
log_type: parsed_testlog
|
|
Parsed:
|
|
facility: 123
|
|
priority: 121
|
|
Enriched:
|
|
subgrok_static_why_is_it_still_here: because
|
|
Process: true
|
|
Stage: s00-raw
|
|
- Process: false
|
|
Stage: s00-raw
|
|
Line:
|
|
Raw: XXXX
|