mirror of
https://github.com/crowdsecurity/crowdsec.git
synced 2025-05-14 05:14:06 +02:00
30 lines
734 B
YAML
30 lines
734 B
YAML
#these are the events we input into parser
|
|
lines:
|
|
- Line:
|
|
Labels:
|
|
#this one will be checked by a filter
|
|
type: type1
|
|
Raw: xxheader VALUE1 trailing stuff
|
|
- Line:
|
|
#see tricky case : first one is nginx via syslog, the second one is local nginx :)
|
|
Labels:
|
|
#this one will be checked by a filter
|
|
type: type1
|
|
Raw: xxheader VALUE2 trailing stuff
|
|
#these are the results we expect from the parser
|
|
results:
|
|
- Meta:
|
|
final_state: leaf1
|
|
state_sub: VALUE1
|
|
Parsed:
|
|
extracted_value: VALUE1
|
|
Process: true
|
|
Stage: s00-raw
|
|
- Meta:
|
|
final_state: leaf2
|
|
state_sub: VALUE2
|
|
Parsed:
|
|
extracted_value: VALUE2
|
|
Process: true
|
|
Stage: s00-raw
|
|
|