chibenwa commented on code in PR #1743:
URL: https://github.com/apache/james-project/pull/1743#discussion_r1350052533
##########
third-party/crowdsec/sample-configuration/parsers/james-auth.yaml:
##########
@@ -0,0 +1,27 @@
+onsuccess: next_stage
+debug: true
+filter: "evt.Parsed.program == 'james'"
+name: linagora/james-connect-security-log
+description: "Parser for James Connect Security Log"
+
+pattern_syntax:
+ JAMES_AUTH_FAIL:
'\{"timestamp":"%{DATA:time}","level":"%{LOGLEVEL:level}","thread":"%{DATA:thread}","mdc":{"protocol":"%{DATA:protocol}","ip":"%{IPV4:ip}","host":"%{IPV4:host}","action":"LOGIN","login-user":"%{EMAILADDRESS:loginUser}","sessionId":"%{DATA:sessionId}","user":"%{DATA:user}"\},"logger":"%{JAVACLASS:logger}","message":"User
%{DATA:loginUser} failed authentication","context":"%{DATA:context}"\}'
Review Comment:
Not sure it is a good idea to rewrite a JSON parser with a REGEXP...
How robust is this solution to field reordering for instance?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
