Created
September 27, 2017 07:42
-
-
Save tatsuyaueda/693ba3d866ab59c2c3f12dd15c1336eb to your computer and use it in GitHub Desktop.
Graylog QNAP NAS ContentPack
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "id":null, | |
| "name":"QNAP NAS", | |
| "description":"QNAP NAS", | |
| "category":"QNAP NAS", | |
| "inputs":[ | |
| { | |
| "title":"QNAP NAS Syslog UDP", | |
| "configuration":{ | |
| "override_source":"", | |
| "allow_override_date":true, | |
| "recv_buffer_size":262144, | |
| "bind_address":"0.0.0.0", | |
| "port":12514 | |
| }, | |
| "type":"org.graylog2.inputs.syslog.udp.SyslogUDPInput", | |
| "global":false, | |
| "extractors":[ | |
| { | |
| "title":"QNAPuser", | |
| "type":"REGEX", | |
| "configuration":{ | |
| "regex_value":"Users: ([a-zA-Z0-9\\-_\\\\]+)" | |
| }, | |
| "converters":[ | |
| ], | |
| "order":0, | |
| "cursor_strategy":"COPY", | |
| "target_field":"user", | |
| "source_field":"message", | |
| "condition_type":"NONE", | |
| "condition_value":"" | |
| }, | |
| { | |
| "title":"QNAPclientip", | |
| "type":"REGEX", | |
| "configuration":{ | |
| "regex_value":"Source IP: ([0-9\\.:]+)" | |
| }, | |
| "converters":[ | |
| ], | |
| "order":0, | |
| "cursor_strategy":"COPY", | |
| "target_field":"clientip", | |
| "source_field":"message", | |
| "condition_type":"NONE", | |
| "condition_value":"" | |
| }, | |
| { | |
| "title":"QNAPclienthost", | |
| "type":"REGEX", | |
| "configuration":{ | |
| "regex_value":"Computer name: ([a-zA-Z0-9\\-_\\.:]+)" | |
| }, | |
| "converters":[ | |
| ], | |
| "order":0, | |
| "cursor_strategy":"COPY", | |
| "target_field":"clienthost", | |
| "source_field":"message", | |
| "condition_type":"NONE", | |
| "condition_value":"" | |
| }, | |
| { | |
| "title":"QNAPconnectiontype", | |
| "type":"REGEX", | |
| "configuration":{ | |
| "regex_value":"Connection type: ([a-zA-Z0-9\\-_]+)" | |
| }, | |
| "converters":[ | |
| ], | |
| "order":0, | |
| "cursor_strategy":"COPY", | |
| "target_field":"connectiontype", | |
| "source_field":"message", | |
| "condition_type":"NONE", | |
| "condition_value":"" | |
| }, | |
| { | |
| "title":"QNAPaccessresource", | |
| "type":"REGEX", | |
| "configuration":{ | |
| "regex_value":"Accessed resources: (.+), Action:" | |
| }, | |
| "converters":[ | |
| ], | |
| "order":0, | |
| "cursor_strategy":"COPY", | |
| "target_field":"accessresource", | |
| "source_field":"message", | |
| "condition_type":"NONE", | |
| "condition_value":"" | |
| }, | |
| { | |
| "title":"QNAPaction", | |
| "type":"REGEX", | |
| "configuration":{ | |
| "regex_value":"Action: ([a-zA-Z0-9\\-_]+)" | |
| }, | |
| "converters":[ | |
| ], | |
| "order":0, | |
| "cursor_strategy":"COPY", | |
| "target_field":"action", | |
| "source_field":"message", | |
| "condition_type":"NONE", | |
| "condition_value":"" | |
| } | |
| ], | |
| "static_fields":{ | |
| } | |
| } | |
| ], | |
| "streams":[ | |
| ], | |
| "outputs":[ | |
| ], | |
| "dashboards":[ | |
| ], | |
| "grok_patterns":[ | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment