gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1fb2b11d4a
secubox-openwrt/package/secubox/secubox-app-crowdsec-custom/files/parsers/s01-parse/secubox-haproxy.yaml
CyberMind-FR 1fb2b11d4a feat(crowdsec+haproxy): Dashboard refactor, custom parsers & scenarios 
CrowdSec Dashboard:
- Refactor all views (alerts, bouncers, decisions, overview, settings)
- Add soc.css for Security Operations Center styling
- Remove 3000+ lines of redundant code

CrowdSec Custom Parsers & Scenarios:
- Add secubox-gitea parser and bruteforce scenario
- Add secubox-haproxy parser and bruteforce scenario
- Add secubox-streamlit parser and bruteforce scenario
- Add secubox-webapp parser and bruteforce scenario
- Update Makefile for new parser/scenario files

HAProxy:
- Update api.js, backends.js view improvements
- Update luci.haproxy RPCD backend
- Update haproxyctl helper script

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-27 11:16:17 +01:00

37 lines
1.3 KiB
YAML
Raw Blame History

# CrowdSec parser for HAProxy logs
# Parses HAProxy access and error logs for auth events
onsuccess: next_stage
name: secubox/haproxy-logs
description: "Parse HAProxy access logs"
filter: "evt.Parsed.program == 'haproxy' || evt.Line contains 'haproxy'"
grok:
pattern: '%{IP:source_ip}:%{INT:source_port} \[%{HAPROXYDATE:timestamp}\] %{NOTSPACE:frontend} %{NOTSPACE:backend}/%{NOTSPACE:server} %{INT:tq}/%{INT:tw}/%{INT:tc}/%{INT:tr}/%{INT:tt} %{INT:http_status} %{INT:bytes_read}'
apply_on: message
statics:
- meta: log_type
value: haproxy
- meta: service
value: haproxy
---
# Parse HAProxy auth failures (401/403 responses)
onsuccess: next_stage
name: secubox/haproxy-auth-failure
description: "Parse HAProxy authentication failures"
filter: "evt.Meta.log_type == 'haproxy' && evt.Parsed.http_status in ['401', '403']"
statics:
- meta: auth_success
value: "false"
---
# Parse HAProxy backend connection failures
onsuccess: next_stage
name: secubox/haproxy-backend-failure
description: "Parse HAProxy backend connection failures"
filter: "evt.Line contains 'haproxy' && (evt.Line contains 'no server available' || evt.Line contains 'Connection refused')"
grok:
pattern: "%{IP:source_ip}.*%{GREEDYDATA:error_message}"
apply_on: message
statics:
- meta: log_type
value: haproxy_error
Reference in New Issue View Git Blame Copy Permalink