From 33ca704d26658a8c2f2a4e3de33846d397ac1cd0 Mon Sep 17 00:00:00 2001 From: prohand <20227162+prohand@users.noreply.github.com> Date: Wed, 3 Jun 2026 21:20:52 +0200 Subject: [PATCH] Update adguardhome-logs.yaml for new logs The log format change to : 2026/06/03 21:13:32.653418 [error] webapi: http error host=dns.mondomaine.com method=POST url=/control/login status=403 ip=192.168.1.1 err="invalid username or password" --- parsers/s01-parse/LePresidente/adguardhome-logs.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/parsers/s01-parse/LePresidente/adguardhome-logs.yaml b/parsers/s01-parse/LePresidente/adguardhome-logs.yaml index 906984e3d96..7b4911cb972 100644 --- a/parsers/s01-parse/LePresidente/adguardhome-logs.yaml +++ b/parsers/s01-parse/LePresidente/adguardhome-logs.yaml @@ -4,6 +4,12 @@ name: LePresidente/adguardhome-logs description: "Parse adguardhome logs" filter: "evt.Parsed.program == 'adguardhome'" nodes: + - grok: + pattern: '%{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME:time}\.%{GREEDYDATA:milliseconds} \[%{LOGLEVEL:level}\] %{WORD:service}: http error host=%{HOSTNAME:host} method=%{WORD:method} url=%{URIPATH:url} status=%{NUMBER:status} ip=%{IP:source_ip} err="%{GREEDYDATA:error_message}"' + apply_on: message + statics: + - meta: log_type + value: adguardhome_failed_auth - grok: pattern: '%{DATE_X:date} %{TIME:time}.* POST %{HOSTNAME} /control/login: from ip %{IP:source_ip}: invalid username or password$' apply_on: message @@ -24,4 +30,4 @@ statics: - meta: source_ip expression: "evt.Parsed.source_ip" - target: evt.StrTime - expression: "evt.Parsed.date + ' ' + evt.Parsed.time" \ No newline at end of file + expression: "evt.Parsed.date + ' ' + evt.Parsed.time"