enhance: add go endlessh compatible parser (#1057)

* enhance: add go endlessh compatible parser * enhance: fix my stuff * enhance: regenerate index file
crowdsecurity · Jun 13, 2024 · 5b1ba1f · 5b1ba1f
1 parent c150cc3
commit 5b1ba1f
Show file tree

Hide file tree

Showing 4 changed files with 487 additions and 185 deletions.
diff --git a/.index.json b/.index.json
@@ -6379,7 +6379,7 @@
  "crowdsecurity/endlessh-logs": {
  "path": "parsers/s01-parse/crowdsecurity/endlessh-logs.yaml",
  "stage": "s01-parse",
- "version": "0.3",
+ "version": "0.5",
  "versions": {
  "0.1": {
  "digest": "dc1affad319badddf95ad1a16bf633b6fd70ed02db0e490dc0540eef47576f2a",
@@ -6392,9 +6392,17 @@
  "0.3": {
  "digest": "ebb816832a32b98dca8e15f402c30c1010cf5ad1ebc2b1f910f74f40fd115902",
  "deprecated": false
+ },
+ "0.4": {
+ "digest": "c6ddcc2a112b82ad359243a7d8152c1caae47ddf3722b42af6be3b44f5fcb4e4",
+ "deprecated": false
+ },
+ "0.5": {
+ "digest": "620c6dc58cb72a142a957f3d138ba68228281c031e27fd0a1aab2f8e2f6f093b",
+ "deprecated": false
  }
  },
- "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnZW5kbGVzc2gnIgpuYW1lOiBjcm93ZHNlY3VyaXR5L2VuZGxlc3NoLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBFbmRsZXNzaCBsb2dzIgpwYXR0ZXJuX3N5bnRheDoKICBFTkRMRVNTSF9BQ0NFUFRfVjQ6ICIle1RJTUVTVEFNUF9JU084NjAxOnRpbWVzdGFtcH0/IEFDQ0VQVCBob3N0PSg6OmZmZmY6KT8le0lQVjQ6c291cmNlX2lwfSAiCiAgRU5ETEVTU0hfQUNDRVBUX1Y2OiAiJXtUSU1FU1RBTVBfSVNPODYwMTp0aW1lc3RhbXB9PyBBQ0NFUFQgaG9zdD0le0lQVjY6c291cmNlX2lwfSAiCm5vZGVzOgogIC0gZ3JvazoKICAgICAgbmFtZTogIkVORExFU1NIX0FDQ0VQVF9WNCIKICAgICAgYXBwbHlfb246IExpbmUuUmF3CiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGVuZGxlc3NoX2FjY2VwdAogIC0gZ3JvazoKICAgICAgbmFtZTogIkVORExFU1NIX0FDQ0VQVF9WNiIKICAgICAgYXBwbHlfb246IExpbmUuUmF3CiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGVuZGxlc3NoX2FjY2VwdApzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IGVuZGxlc3NoCiAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVzdGFtcAogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zb3VyY2VfaXAiCg==",
+ "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnZW5kbGVzc2gnIgpuYW1lOiBjcm93ZHNlY3VyaXR5L2VuZGxlc3NoLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBFbmRsZXNzaCBsb2dzIgpwYXR0ZXJuX3N5bnRheDoKICBFTkRMRVNTSF9HT19EQVRFOiAiJXtNT05USE5VTTJ9JXtEQVkyfSAle1RJTUV9IgogIEVORExFU1NIX0dPX0xJTkU6ICJJJXtFTkRMRVNTSF9HT19EQVRFOnRpbWVzdGFtcH0uKlxcXSBBQ0NFUFQgaG9zdD0le0lQOnNvdXJjZV9pcH0gIgogIEVORExFU1NIX0FDQ0VQVF9WNDogIiV7VElNRVNUQU1QX0lTTzg2MDE6dGltZXN0YW1wfT8gQUNDRVBUIGhvc3Q9KDo6ZmZmZjopPyV7SVBWNDpzb3VyY2VfaXB9ICIKICBFTkRMRVNTSF9BQ0NFUFRfVjY6ICIle1RJTUVTVEFNUF9JU084NjAxOnRpbWVzdGFtcH0/IEFDQ0VQVCBob3N0PSV7SVBWNjpzb3VyY2VfaXB9ICIKbm9kZXM6CiAgLSBncm9rOgogICAgICBuYW1lOiAiRU5ETEVTU0hfR09fTElORSIKICAgICAgYXBwbHlfb246IExpbmUuUmF3CiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGVuZGxlc3NoX2FjY2VwdAogICAgICAgIC0gdGFyZ2V0OiBldnQuU3RyVGltZUZvcm1hdAogICAgICAgICAgdmFsdWU6ICIwMTAyIDE1OjA0OjA1IgogIC0gZ3JvazoKICAgICAgbmFtZTogIkVORExFU1NIX0FDQ0VQVF9WNCIKICAgICAgYXBwbHlfb246IExpbmUuUmF3CiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGVuZGxlc3NoX2FjY2VwdAogIC0gZ3JvazoKICAgICAgbmFtZTogIkVORExFU1NIX0FDQ0VQVF9WNiIKICAgICAgYXBwbHlfb246IExpbmUuUmF3CiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGVuZGxlc3NoX2FjY2VwdAoKc3RhdGljczoKICAtIG1ldGE6IHNlcnZpY2UKICAgIHZhbHVlOiBlbmRsZXNzaAogIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50aW1lc3RhbXAKICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc291cmNlX2lwIgo=",
  "description": "Parse Endlessh logs",
  "author": "crowdsecurity",
  "labels": null

diff --git a/.tests/endlessh-logs/endlessh-logs.log b/.tests/endlessh-logs/endlessh-logs.log
@@ -106,3 +106,6 @@
 2022-02-13T12:15:11.423Z TOTALS connects=708 seconds=33873.219 bytes=47321
 2022-02-13T12:17:31.839Z ACCEPT host=2001:db8:85a3:8d3:1319:8a2e:370:7348 port=54185 fd=4 n=1/4096
 2022-02-13T12:17:59.307Z CLOSE host=2001:db8:85a3:8d3:1319:8a2e:370:7348 port=54185 fd=4 time=20.020 bytes=25
+I0613 10:22:21.684962 1 client.go:58] ACCEPT host=192.168.121.1 port=53598 n=2/4096
+I0613 10:22:22.751686 1 client.go:99] CLOSE host=192.168.121.1 port=42922 time=13.00339604 bytes=199
+I0613 10:22:26.154722 1 client.go:58] ACCEPT host=192.168.121.1 port=53608 n=2/4096