line: {"level":"info","ts":1753128716.1220193,"logger":"http.log.access.log4","msg":"handled request","request":{"remote_ip":"13.79.220.139","remote_port":"13051","client_ip":"13.79.220.139","proto":"HTTP/1.1","method":"GET","host":"liveliteandwell.com","uri":"/wp-content/themes/aahana/json.php","headers":{      }},"bytes_read":0,"user_id":"","duration":0.000062293,"size":0,"status":308,"resp_headers":{"Content-Type":[],"Server":["Caddy"],"Connection":["close"],"Location":["https://liveliteandwell.com/wp-content/themes/aahana/json.php"]}}
	├ s00-raw
	|	├ 🔴 crowdsecurity/syslog-logs
	|	└ 🟢 crowdsecurity/non-syslog (+5 ~8)
	|		└ update evt.ExpectMode : %!s(int=0) -> 1
	|		└ update evt.Stage :  -> s01-parse
	|		└ update evt.Line.Raw :  -> {"level":"info","ts":1753128716.1220193,"logger":"http.log.access.log4","msg":"handled request","request":{"remote_ip":"13.79.220.139","remote_port":"13051","client_ip":"13.79.220.139","proto":"HTTP/1.1","method":"GET","host":"liveliteandwell.com","uri":"/wp-content/themes/aahana/json.php","headers":{      }},"bytes_read":0,"user_id":"","duration":0.000062293,"size":0,"status":308,"resp_headers":{"Content-Type":[],"Server":["Caddy"],"Connection":["close"],"Location":["https://liveliteandwell.com/wp-content/themes/aahana/json.php"]}}
	|		└ update evt.Line.Src :  -> /tmp/cscli_explain2298914083/cscli_test_tmp.log
	|		└ update evt.Line.Time : 0001-01-01 00:00:00 +0000 UTC -> 2025-10-16 02:58:25.712059138 +0000 UTC
	|		└ create evt.Line.Labels.type : caddy
	|		└ update evt.Line.Process : %!s(bool=false) -> true
	|		└ update evt.Line.Module :  -> file
	|		└ create evt.Parsed.program : caddy
	|		└ create evt.Parsed.message : {"level":"info","ts":1753128716.1220193,"logger":"http.log.access.log4","msg":"handled request","request":{"remote_ip":"13.79.220.139","remote_port":"13051","client_ip":"13.79.220.139","proto":"HTTP/1.1","method":"GET","host":"liveliteandwell.com","uri":"/wp-content/themes/aahana/json.php","headers":{      }},"bytes_read":0,"user_id":"","duration":0.000062293,"size":0,"status":308,"resp_headers":{"Content-Type":[],"Server":["Caddy"],"Connection":["close"],"Location":["https://liveliteandwell.com/wp-content/themes/aahana/json.php"]}}
	|		└ update evt.Time : 0001-01-01 00:00:00 +0000 UTC -> 2025-10-16 02:58:25.712631506 +0000 UTC
	|		└ create evt.Meta.datasource_path : /tmp/cscli_explain2298914083/cscli_test_tmp.log
	|		└ create evt.Meta.datasource_type : file
	├ s01-parse
	|	├ 🟢 crowdsecurity/caddy-logs (+12 ~2)
	|		├ update evt.Stage : s01-parse -> s02-enrich
	|		├ create evt.Parsed.remote_ip : 13.79.220.139
	|		├ create evt.Parsed.request : /wp-content/themes/aahana/json.php
	|		├ create evt.Parsed.verb : GET
	|		├ create evt.Parsed.http_version : 1.1
	|		├ create evt.Unmarshaled.caddy : map[bytes_read:0 duration:6.2293e-05 level:info logger:http.log.access.log4 msg:handled request request:map[client_ip:13.79.220.139 headers:map[] host:liveliteandwell.com method:GET proto:HTTP/1.1 remote_ip:13.79.220.139 remote_port:13051 uri:/wp-content/themes/aahana/json.php] resp_headers:map[Connection:[close] Content-Type:[] Location:[https://liveliteandwell.com/wp-content/themes/aahana/json.php] Server:[Caddy]] size:0 status:308 ts:1.7531287161220193e+09 user_id:]
	|		├ update evt.StrTime :  -> 1753128716
	|		├ create evt.Meta.target_fqdn : liveliteandwell.com
	|		├ create evt.Meta.http_path : /wp-content/themes/aahana/json.php
	|		├ create evt.Meta.log_type : http_access-log
	|		├ create evt.Meta.service : http
	|		├ create evt.Meta.http_status : 308
	|		├ create evt.Meta.http_verb : GET
	|		├ create evt.Meta.source_ip : 13.79.220.139
	|	├ 🔴 crowdsecurity/opnsense-gui-logs
	|	├ 🔴 firewallservices/pf-logs
	|	├ 🔴 firewallservices/pf-logs-drop
	|	└ 🔴 crowdsecurity/sshd-logs
	├ s02-enrich
	|	├ 🟢 crowdsecurity/escowhitelists (unchanged)
	|	├ 🟢 crowdsecurity/dateparse-enrich (+2 ~2)
	|		├ create evt.Enriched.MarshaledTime : 2025-07-21T13:11:56-07:00
	|		├ update evt.Time : 2025-10-16 02:58:25.712631506 +0000 UTC -> 2025-07-21 13:11:56 -0700 PDT
	|		├ update evt.MarshaledTime :  -> 2025-07-21T13:11:56-07:00
	|		├ create evt.Meta.timestamp : 2025-07-21T13:11:56-07:00
	|	├ 🟢 crowdsecurity/geoip-enrich (+13)
	|		├ create evt.Enriched.ASNumber : 8075
	|		├ create evt.Enriched.IsInEU : true
	|		├ create evt.Enriched.IsoCode : IE
	|		├ create evt.Enriched.Latitude : 53.338200
	|		├ create evt.Enriched.SourceRange : 13.64.0.0/11
	|		├ create evt.Enriched.ASNNumber : 8075
	|		├ create evt.Enriched.ASNOrg : MICROSOFT-CORP-MSN-AS-BLOCK
	|		├ create evt.Enriched.Longitude : -6.259100
	|		├ create evt.Meta.IsInEU : true
	|		├ create evt.Meta.SourceRange : 13.64.0.0/11
	|		├ create evt.Meta.ASNNumber : 8075
	|		├ create evt.Meta.ASNOrg : MICROSOFT-CORP-MSN-AS-BLOCK
	|		├ create evt.Meta.IsoCode : IE
	|	├ 🟢 crowdsecurity/http-logs (+7)
	|		├ create evt.Parsed.file_name : json.php
	|		├ create evt.Parsed.static_ressource : false
	|		├ create evt.Parsed.file_ext : .php
	|		├ create evt.Parsed.impact_completion : true
	|		├ create evt.Parsed.file_dir : /wp-content/themes/aahana/
	|		├ create evt.Parsed.file_frag : json
	|		├ create evt.Meta.http_args_len : 0
	|	├ 🟢 crowdsecurity/public-dns-allowlist (unchanged)
	|	└ 🟢 crowdsecurity/whitelists (unchanged)
	├-------- parser success 🟢
	├ Scenarios
		└ 🟢 crowdsecurity/http-crawl-non_statics