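# CrowdSec parser for nginx access logs written as one JSON object per line.
# Only events whose program name starts with 'nginx' enter this node.
filter: "evt.Parsed.program startsWith 'nginx'"
name: crowdsecurity/custom-nginx-logs
description: "Parse nginx access logs in JSON format"
onsuccess: next_stage
nodes:
  # Child 1: capture the controller's "Error obtaining Endpoints for Service"
  # message into evt.Parsed.endpoint.
  # The capture name was missing on the page ('(?Error ...' is not a valid
  # group); it is restored from the filter of the next node, which reads
  # evt.Parsed.endpoint. If the grok engine in use rejects the short form,
  # write it as (?P<endpoint>...).
  - grok:
      pattern: '%{GREEDYDATA}(?<endpoint>Error obtaining Endpoints for Service)%{GREEDYDATA}'
      expression: evt.Line.Raw
  # Child 2: label those lines so they are not treated as access-log entries.
  # NOTE(review): the top-level statics below also set log_type; confirm with
  # `cscli explain` which value survives, and that ordinary access lines
  # (which match neither child) still get the statics applied.
  - filter: evt.Parsed.endpoint != nil
    onsuccess: next_stage
    statics:
      - meta: log_type
        value: dev-null-endpoint
statics:
  # Event time as logged by nginx.
  - target: evt.StrTime
    expression: 'JsonExtract(evt.Line.Raw, "@timestamp")'
  # Every field below is copied from the JSON line. request, the referer and
  # the user agent are client-supplied text: use them for matching only, never
  # as proof of who sent the request.
  - parsed: status
    expression: 'JsonExtract(evt.Line.Raw, "status")'
  - parsed: body_bytes_sent
    expression: 'JsonExtract(evt.Line.Raw, "body_bytes_sent")'
  - parsed: request_length
    expression: 'JsonExtract(evt.Line.Raw, "request_length")'
  - parsed: request_time
    expression: 'JsonExtract(evt.Line.Raw, "request_time")'
  - parsed: request
    expression: 'JsonExtract(evt.Line.Raw, "request")'
  - parsed: remote_addr
    expression: 'JsonExtract(evt.Line.Raw, "remote_addr")'
  - parsed: verb
    expression: 'JsonExtract(evt.Line.Raw, "request_method")'
  - parsed: time_local
    expression: 'JsonExtract(evt.Line.Raw, "time_local")'
  - parsed: http_version
    expression: 'JsonExtract(evt.Line.Raw, "server_protocol")'
  - parsed: target_fqdn
    expression: 'JsonExtract(evt.Line.Raw, "vhost")'
  - parsed: http_referer
    expression: 'JsonExtractObject(evt.Line.Raw, "http")["referer"]'
  - parsed: http_user_agent
    expression: 'JsonExtractObject(evt.Line.Raw, "http")["user_agent"]'
  - parsed: proxy_upstream_name
    expression: 'JsonExtractObject(evt.Line.Raw, "proxy")["upstream_name"]'
  # NOTE(review): the field is named "..._upstream_name" but is filled from
  # upstream.addr; confirm that this is intended.
  - parsed: proxy_alternative_upstream_name
    expression: 'JsonExtractObject(evt.Line.Raw, "upstream")["addr"]'
  # Not present in the JSON format; set to a fixed "-" placeholder.
  - parsed: port
    value: "-"
  - parsed: remote_user
    value: "-"
  # source_ip is the address that remediation decisions are applied to.
  # NOTE(review): behind a load balancer or ingress, remote_addr is the client
  # address only if nginx real-ip handling is configured; otherwise a decision
  # would hit the proxy. Confirm for this deployment.
  - meta: source_ip
    expression: "evt.Parsed.remote_addr"
  - meta: http_status
    expression: "evt.Parsed.status"
  # NOTE(review): if the JSON "request" field holds the full request line
  # (method, URI, protocol) rather than the URI alone, scenarios that match on
  # http_path will see the whole line; verify against the nginx log_format.
  - meta: http_path
    expression: "evt.Parsed.request"
  - meta: http_verb
    expression: "evt.Parsed.verb"
  - meta: http_user_agent
    expression: "evt.Parsed.http_user_agent"
  - meta: target_fqdn
    expression: "evt.Parsed.target_fqdn"
  - meta: service
    value: http
  - meta: log_type
    value: http_access-log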