Import crowdsec_1.0.9.orig-hub1.tar.gz

[dgit import orig crowdsec_1.0.9.orig-hub1.tar.gz]

diff --git a/.exportedField/exported.go b/.exportedField/exported.go
new file mode 100644 (file)
index 0000000..f3f6344
--- /dev/null
+++ b/.exportedField/exported.go
@@ -0,0 +1,68 @@
+package main
+
+import (
+       "io/ioutil"
+       "log"
+       "os"
+       "path/filepath"
+
+       "github.com/crowdsecurity/crowdsec/pkg/types"
+       "gopkg.in/yaml.v2"
+)
+
+type ParserResults struct {
+       ProvisionalResults []map[string]map[string]types.Event
+       FinalResults       []types.Event
+}
+
+func main() {
+       var (
+               buf     []byte
+               err     error
+               results []types.Event = []types.Event{}
+               final   types.Event   = types.Event{
+                       Enriched: map[string]string{},
+                       Parsed:   map[string]string{},
+                       Meta:     map[string]string{},
+               }
+       )
+       _ = filepath.Walk(".", func(path string, info os.FileInfo, err error) error {
+               if err != nil {
+                       log.Printf("prevent panic by handling failure accessing a path %q: %v\n", path, err)
+                       return err
+               }
+               if !info.IsDir() && info.Name() == "parser_results.yaml" {
+                       if buf, err = ioutil.ReadFile(path); err != nil {
+                               log.Printf("Unable to read %s: %s", path, err)
+                               return err
+                       }
+                       tmp := ParserResults{}
+                       if err = yaml.Unmarshal(buf, &tmp); err != nil {
+                               log.Printf("Unable to unmarshal path %s: %s", path, err)
+                       }
+                       results = append(results, tmp.FinalResults...)
+               }
+               return nil
+
+       })
+
+       for _, result := range results {
+               for key, value := range result.Enriched {
+                       final.Enriched[key] = value
+               }
+               for key, value := range result.Parsed {
+                       final.Parsed[key] = value
+               }
+               for key, value := range result.Meta {
+                       final.Meta[key] = value
+               }
+       }
+
+       if buf, err = yaml.Marshal(final); err != nil {
+               log.Printf("Unable to marshal result: %s", err)
+       }
+
+       if err = ioutil.WriteFile("exportedField.yaml", buf, 0644); err != nil {
+               log.Printf("Unable to write file: %s", err)
+       }
+}

diff --git a/.exportedField/go.mod b/.exportedField/go.mod
new file mode 100644 (file)
index 0000000..206c030
--- /dev/null
+++ b/.exportedField/go.mod
@@ -0,0 +1,3 @@
+module exported
+
+go 1.15

diff --git a/.github/workflows/dispatch_create_branch.yaml b/.github/workflows/dispatch_create_branch.yaml
new file mode 100644 (file)
index 0000000..0a40dc4
--- /dev/null
+++ b/.github/workflows/dispatch_create_branch.yaml
@@ -0,0 +1,16 @@
+name: Create branch from external dispatch
+
+on:
+  repository_dispatch:
+    types: ['create_branch']
+
+jobs:
+  create_branch:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: peterjgrainger/action-create-branch@v1.0.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          branch: ${{ github.event.client_payload.version }}
\ No newline at end of file

diff --git a/.github/workflows/dispatch_delete_branch.yaml b/.github/workflows/dispatch_delete_branch.yaml
new file mode 100644 (file)
index 0000000..069774a
--- /dev/null
+++ b/.github/workflows/dispatch_delete_branch.yaml
@@ -0,0 +1,16 @@
+name: Delete branch from external dispatch
+
+on:
+  repository_dispatch:
+    types: ['delete_branch']
+
+jobs:
+  delete_branch:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Delete branch
+        uses: dawidd6/action-delete-branch@v3
+        with:
+          github_token: ${{github.token}}
+          branches: ${{ github.event.client_payload.version }}
\ No newline at end of file

diff --git a/.github/workflows/generate_taxonomy.yaml b/.github/workflows/generate_taxonomy.yaml
new file mode 100644 (file)
index 0000000..5be829f
--- /dev/null
+++ b/.github/workflows/generate_taxonomy.yaml
@@ -0,0 +1,36 @@
+name: Generate Taxonomy
+
+on: 
+  push:
+    branches: [ master, wip_lapi ]
+  pull_request:
+    branches: [ master, wip_lapi ]
+
+jobs:
+  generate_taxonomy:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+    - name: Set up Go 1.15
+      uses: actions/setup-go@v1
+      with:
+        go-version: 1.15
+      id: go
+    - name: merge all results
+      run: |
+        cd .exportedField
+        export GO111MODULE=on 
+        go build exported.go
+        cd ..
+        .exportedField/exported
+    - name: commit file 
+      run: |
+        git config --local user.email "action@github.com"
+        git config --local user.name "GitHub Action"
+        git commit -m "Update exportedFields" exportedFields.json || exit 0
+    - name: Push changes
+      uses: ad-m/github-push-action@master
+      if: github.event_name == 'push'
+      with:
+        github_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+        branch: ${{ github.ref }}

diff --git a/.github/workflows/test_configurations.yaml b/.github/workflows/test_configurations.yaml
new file mode 100644 (file)
index 0000000..24ea1e6
--- /dev/null
+++ b/.github/workflows/test_configurations.yaml
@@ -0,0 +1,49 @@
+name: Test Hub Configurations Items on Hub Changes
+on:
+  - push
+jobs:
+  build-hub-tests:
+    runs-on: ubuntu-latest
+    env:
+      RESULTS_PATH: .
+    steps:
+    - name: Set up Go 1.13
+      uses: actions/setup-go@v1
+      with:
+        go-version: 1.13
+      id: go
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v2
+    - name: run tests on crowdsec master
+      run: |
+        rm -rf hub-tests
+        ./tests.sh -i master
+        ./tests.sh --all
+    - name: Find Crowdsec Latest Release Tag
+      id: latesttag
+      uses: pozetroninc/github-action-get-latest-release@master
+      with:
+        repository: crowdsecurity/crowdsec
+        excludes: prerelease, draft
+    - name: run tests on last crowdsec tag
+      run: |
+        rm -rf hub-tests
+        ./tests.sh -i ${{ steps.latesttag.outputs.release }}
+        ./tests.sh --all
+    - name: generate results
+      run: |
+        sudo apt-get update && sudo apt-get install nodejs-dev node-gyp libssl1.0-dev && sudo apt-get install npm
+        sudo npm i -g xunit-viewer
+        xunit-viewer -r output.xml
+        set +x
+        mkdir public
+        sudo mv index.html public
+      id: tests
+    - name: Deploy to GitHub Pages
+      if: github.ref == 'refs/heads/master'
+      uses: JamesIves/github-pages-deploy-action@3.7.1
+      with:
+        BRANCH: gh-pages
+        FOLDER: public
+        ACCESS_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
+        

diff --git a/.github/workflows/test_configurations_on_hub-tests_changes.yaml b/.github/workflows/test_configurations_on_hub-tests_changes.yaml
new file mode 100644 (file)
index 0000000..8019c70
--- /dev/null
+++ b/.github/workflows/test_configurations_on_hub-tests_changes.yaml
@@ -0,0 +1,38 @@
+name: Test Hub Configurations Items
+on:
+  - repository_dispatch
+
+jobs:
+  build-hub-tests:
+    runs-on: ubuntu-latest
+    env:
+      RESULTS_PATH: .
+    steps:
+    - name: Set up Go 1.13
+      uses: actions/setup-go@v1
+      with:
+        go-version: 1.13
+      id: go
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v2
+    - name: run tests
+      run: |
+        ./tests.sh -i ${{ github.event.client_payload.version }}
+        ./tests.sh --all
+    - name: generate results
+      run: |
+        sudo apt-get update && sudo apt-get install nodejs-dev node-gyp libssl1.0-dev && sudo apt-get install npm
+        sudo npm i -g xunit-viewer
+        xunit-viewer -r output.xml
+        set +x
+        mkdir public
+        sudo mv index.html public
+      id: tests
+    - name: Deploy to GitHub Pages
+      if: github.ref == 'refs/heads/master'
+      uses: JamesIves/github-pages-deploy-action@3.7.1
+      with:
+        BRANCH: gh-pages
+        FOLDER: public
+        ACCESS_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
+        

diff --git a/.github/workflows/update-blockers.yml b/.github/workflows/update-blockers.yml
new file mode 100644 (file)
index 0000000..16c38ad
--- /dev/null
+++ b/.github/workflows/update-blockers.yml
@@ -0,0 +1,29 @@
+name: Update Blockers Meta
+
+on: 
+  schedule:
+    - cron: '0 6 * * *'
+    - cron: '0 18 * * *'
+
+jobs:
+  update_blockers:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/setup-go@v1
+      with:
+        go-version: 1.13
+    - uses: actions/checkout@v1
+    - name: Create local changes
+      run: |
+        go build
+        ./main -target blockers
+    - name: Commit files
+      run: |
+        git config --local user.email "action@github.com"
+        git config --local user.name "GitHub Action"
+        git commit -m "Update blockers meta" blockers.json || exit 0
+    - name: Push changes
+      uses: ad-m/github-push-action@master
+      with:
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+        branch: master
\ No newline at end of file

diff --git a/.github/workflows/update-index.yml b/.github/workflows/update-index.yml
new file mode 100644 (file)
index 0000000..0be3536
--- /dev/null
+++ b/.github/workflows/update-index.yml
@@ -0,0 +1,39 @@
+name: Update index
+
+on: 
+  push:
+    paths:
+      - 'scenarios/**.yaml'
+      - 'parsers/**.yaml'
+      - 'postoverflows/**.yaml'
+      - 'collections/**.yaml'
+      - 'scenarios/**.md'
+      - 'parsers/**.md'
+      - 'postoverflows/**.md'
+      - 'collections/**.md'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/setup-go@v1
+      with:
+        go-version: 1.13
+    - uses: actions/checkout@v1
+    - name: Create local changes
+      run: |
+        go build
+        ./main -target configs
+    - name: Commit files
+      if: ${{ github.event_name == 'push'}}
+      run: |
+        git config --local user.email "action@github.com"
+        git config --local user.name "GitHub Action"
+        git commit -m "Update index" .index.json || exit 0
+    - name: Push changes
+      if: ${{ github.event_name == 'push'}}
+      uses: ad-m/github-push-action@master
+      with:
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+        branch: ${{ github.ref }}
+

diff --git a/.gitignore b/.gitignore
new file mode 100644 (file)
index 0000000..faf924f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,12 @@
+## Directories for hub-test
+config/
+hub-tests/
+data/
+output.xml
+
+**.fail
+go.sum
+.vscode/
+main
+
+workspace.code-workspace
\ No newline at end of file

diff --git a/.index.json b/.index.json
new file mode 100644 (file)
index 0000000..fa44adf
--- /dev/null
+++ b/.index.json
@@ -0,0 +1,1231 @@
+{
+ "collections": {
+  "crowdsecurity/apache2": {
+   "path": "collections/crowdsecurity/apache2.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "3601f38e187479724e830e0182f51468c980f661e6eedc6d2e586f622e3b48ea",
+     "deprecated": false
+    }
+   },
+   "long_description": "QSBjb2xsZWN0aW9uIGZvciBhcGFjaGUyIDoKIC0gYXBhY2hlMiBwYXJzZXIKIC0gYmFzZSBodHRwIHNjZW5hcmlvcyBmb3IgY3Jhd2wsIHNjYW4gZXRjLgoK",
+   "content": "cGFyc2VyczoKI2dlbmVyaWMgcG9zdC1wYXJzaW5nIG9mIGh0dHAgc3R1ZmYKICAtIGNyb3dkc2VjdXJpdHkvYXBhY2hlMi1sb2dzCmNvbGxlY3Rpb25zOgogIC0gY3Jvd2RzZWN1cml0eS9iYXNlLWh0dHAtc2NlbmFyaW9zCmRlc2NyaXB0aW9uOiAiYXBhY2hlMiBzdXBwb3J0IDogcGFyc2VyIGFuZCBnZW5lcmljIGh0dHAgc2NlbmFyaW9zICIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gYXBhY2hlMgogIC0gY3Jhd2wKICAtIHNjYW4KCg==",
+   "description": "apache2 support : parser and generic http scenarios ",
+   "author": "crowdsecurity",
+   "labels": null,
+   "parsers": [
+    "crowdsecurity/apache2-logs"
+   ],
+   "collections": [
+    "crowdsecurity/base-http-scenarios"
+   ]
+  },
+  "crowdsecurity/base-http-scenarios": {
+   "path": "collections/crowdsecurity/base-http-scenarios.yaml",
+   "version": "0.3",
+   "versions": {
+    "0.1": {
+     "digest": "7ee043a9d2e063cad751e6ce5d048f02518a76d39ec81aebed3bae736b0ced9e",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "affdb706e66ffd924086b24e94734589672fb531f80fe366ab06a8c3228962e2",
+     "deprecated": false
+    },
+    "0.3": {
+     "digest": "543df5abb020afb51f3ab9d83cdc031e95572983e72f32a59b9f6f75cac990c3",
+     "deprecated": false
+    }
+   },
+   "long_description": "Kipjb250YWlucyBubyBwYXJzZXIsIG1lYW50IHRvIGJlIGVtYmVkZGVkKioKCkEgY29sbGVjdGlvbiBvZiBkZWZlbnNpdmUgKGltcGxlbWVudGF0aW9uIGluZGVwZW5kZW50KSBzY2VuYXJpb3MgZm9yIGh0dHAgc2VydmljZXMgOgogLSBhZ2dyZXNzaXZlIGNyYXdsIGRldGVjdGlvbgogLSBzY2FubmluZy9wcm9iaW5nIGRldGVjdGlvbgogLSBiYWQgdXNlci1hZ2VudCBkZXRlY3Rpb24KIC0gcGF0aCB0cmF2ZXJzYWwgZGV0ZWN0aW9uCiAtIHNlbnNpdGl2ZSBkYXRhIGFjY2VzcyBhdHRlbXB0cyBkZXRlY3Rpb24KIC0gU1FMIGluamVjdGlvbiBkZXRlY3Rpb24KCjp3YXJuaW5nOiBUaGlzIGNvbGxlY3Rpb24gaXMgX25vdF8gYSBXQUYgYW5kIHRoaXMgc2NlbmFyaW8gZG9lcyBfbm90XyBhaW1zIGF0IHJlcGxhY2luZyBhIFdBRi4KCgoK",
+   "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvaHR0cC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvaHR0cC1jcmF3bC1ub25fc3RhdGljcwogIC0gY3Jvd2RzZWN1cml0eS9odHRwLXByb2JpbmcKICAtIGNyb3dkc2VjdXJpdHkvaHR0cC1iYWQtdXNlci1hZ2VudAogIC0gY3Jvd2RzZWN1cml0eS9odHRwLXBhdGgtdHJhdmVyc2FsLXByb2JpbmcKICAtIGNyb3dkc2VjdXJpdHkvaHR0cC1zZW5zaXRpdmUtZmlsZXMKICAtIGNyb3dkc2VjdXJpdHkvaHR0cC1zcWxpLXByb2JpbmcKICAtIGNyb3dkc2VjdXJpdHkvaHR0cC14c3MtcHJvYmluZwogIC0gY3Jvd2RzZWN1cml0eS9odHRwLWJhY2tkb29ycy1hdHRlbXB0cwogIC0gbHRzaWNoL2h0dHAtdzAwdHcwMHQKCmRlc2NyaXB0aW9uOiAiaHR0cCBjb21tb24gOiBzY2FubmVycyBkZXRlY3Rpb24iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIGh0dHAKICAtIGNyYXdsCiAgLSBzY2FuCgo=",
+   "description": "http common : scanners detection",
+   "author": "crowdsecurity",
+   "labels": null,
+   "parsers": [
+    "crowdsecurity/http-logs"
+   ],
+   "scenarios": [
+    "crowdsecurity/http-crawl-non_statics",
+    "crowdsecurity/http-probing",
+    "crowdsecurity/http-bad-user-agent",
+    "crowdsecurity/http-path-traversal-probing",
+    "crowdsecurity/http-sensitive-files",
+    "crowdsecurity/http-sqli-probing",
+    "crowdsecurity/http-xss-probing",
+    "crowdsecurity/http-backdoors-attempts",
+    "ltsich/http-w00tw00t"
+   ]
+  },
+  "crowdsecurity/dovecot": {
+   "path": "collections/crowdsecurity/dovecot.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "7990a4b855273b5ceaa379d2979d796e070c96a398caeefbfa1933cc36f690be",
+     "deprecated": false
+    }
+   },
+   "long_description": "QSBjb2xsZWN0aW9uIGZvciBkb3ZlY290CiAqIGRvdmVjb3QgbG9nIHBhcnNlcnMKICogZG92ZWNvdCBzY2VuYXJpbyBicnV0ZWZvcmNlIHNwYW0gYXR0ZW1wdAoKVGhpcyBjb2xsZWN0aW9uIG1vc3RseSBhaW1zIGF0IGdldHRpbmcgc2ltaWxhciBzcGFtIHByb3RlY3Rpb24gYXMKdGhlIG5vcm1hbCBmYWlsMmJhbiBkb3ZlY290IGNvbmZpZ3VyYXRpb24uCgpUaGUgcmVsZXZhbnQgYGFjcXVpcy55YW1sYCBzaG91bGQgYmU6CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL21haWwubG9nCmxhYmVsczoKICB0eXBlOiBzeXNsb2cKYGBgCgoKPiBDb250cmlidXRpb24gYnkgaHR0cHM6Ly9naXRodWIuY29tL0x0U2ljaAo=",
+   "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvZG92ZWNvdC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvZG92ZWNvdC1zcGFtCmRlc2NyaXB0aW9uOiAiZG92ZWNvdCBzdXBwb3J0IDogcGFyc2VyIGFuZCBzcGFtbWVyIGRldGVjdGlvbiIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gc3BhbQogIC0gYnJ1dGVmb3JjZQo=",
+   "description": "dovecot support : parser and spammer detection",
+   "author": "crowdsecurity",
+   "labels": null,
+   "parsers": [
+    "crowdsecurity/dovecot-logs"
+   ],
+   "scenarios": [
+    "crowdsecurity/dovecot-spam"
+   ]
+  },
+  "crowdsecurity/iptables": {
+   "path": "collections/crowdsecurity/iptables.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "ba5c8e97c06b19e4c075e0285e6b60c1da3b86381c88c4bfea4b374378ced10a",
+     "deprecated": false
+    }
+   },
+   "long_description": "QSBjb2xsZWN0aW9uIGZvciBwb3J0c2NhbiBkZXRlY3Rpb24gdmlhIGlwdGFibGVzIDoKIC0gaXB0YWJsZXMgcGFyc2VyIChsaWtlIGluIGAtaiBMT0dgKQogLSBtdWx0aSBwb3J0IHNjYW4gZGV0ZWN0aW9uCgo=",
+   "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvaXB0YWJsZXMtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L2lwdGFibGVzLXNjYW4tbXVsdGlfcG9ydHMKZGVzY3JpcHRpb246ICJpcHRhYmxlcyBzdXBwb3J0IDogbG9ncyBhbmQgcG9ydC1zY2FucyBkZXRlY3Rpb24gc2NlbmFyaW9zIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSBwb3J0c2NhbgogIC0gaXB0YWJsZXMKCg==",
+   "description": "iptables support : logs and port-scans detection scenarios",
+   "author": "crowdsecurity",
+   "labels": null,
+   "parsers": [
+    "crowdsecurity/iptables-logs"
+   ],
+   "scenarios": [
+    "crowdsecurity/iptables-scan-multi_ports"
+   ]
+  },
+  "crowdsecurity/linux": {
+   "path": "collections/crowdsecurity/linux.yaml",
+   "version": "0.2",
+   "versions": {
+    "0.1": {
+     "digest": "8d16483218a979b84549fb020b0342feea3d1f4951294b6994d33a9b7214842f",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "baaa37b12b4d734fab81ae01ff81c58ceb7a99304f21e6bb6ff86b871ed6d5eb",
+     "deprecated": false
+    }
+   },
+   "long_description": "Kipjb3JlIHBhY2thZ2UgZm9yIGxpbnV4KioKCmNvbnRhaW5zIHN1cHBvcnQgZm9yIHN5c2xvZywgZG8gbm90IHJlbW92ZS4K",
+   "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKICAtIGNyb3dkc2VjdXJpdHkvZ2VvaXAtZW5yaWNoCiAgLSBjcm93ZHNlY3VyaXR5L2RhdGVwYXJzZS1lbnJpY2gKY29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L3NzaGQKZGVzY3JpcHRpb246ICJjb3JlIGxpbnV4IHN1cHBvcnQgOiBzeXNsb2crZ2VvaXArc3NoIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4Cgo=",
+   "description": "core linux support : syslog+geoip+ssh",
+   "author": "crowdsecurity",
+   "labels": null,
+   "parsers": [
+    "crowdsecurity/syslog-logs",
+    "crowdsecurity/geoip-enrich",
+    "crowdsecurity/dateparse-enrich"
+   ],
+   "collections": [
+    "crowdsecurity/sshd"
+   ]
+  },
+  "crowdsecurity/modsecurity": {
+   "path": "collections/crowdsecurity/modsecurity.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "530454a9dbdb3800f62de4b8ba7d6ed2160b4e533d577c52393f5f286df2b615",
+     "deprecated": false
+    }
+   },
+   "long_description": "QSBjb2xsZWN0aW9uIGZvciBtb2RzZWN1cml0eSAodGVzdGVkIG9ubHkgd2l0aCBBcGFjaGUpOgogLSBtb2RzZWN1cml0eSBwYXJzZXI6IGBjcm93ZHNlY3VyaXR5L21vZHNlY3VyaXR5YAogLSBtb2RzZWN1cml0eSBzY2VuYXJpbzogYGNyb3dkc2VjdXJpdHkvbW9kc2VjdXJpdHk=",
+   "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvbW9kc2VjdXJpdHkKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9tb2RzZWN1cml0eQpkZXNjcmlwdGlvbjogIm1vZHNlY3VyaXR5IHN1cHBvcnQgOiBtb2RzZWN1cml0eSBwYXJzZXIgYW5kIHNjZW5hcmlvIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSB3ZWIKICAtIHdhZg==",
+   "description": "modsecurity support : modsecurity parser and scenario",
+   "author": "crowdsecurity",
+   "labels": null,
+   "parsers": [
+    "crowdsecurity/modsecurity"
+   ],
+   "scenarios": [
+    "crowdsecurity/modsecurity"
+   ]
+  },
+  "crowdsecurity/mysql": {
+   "path": "collections/crowdsecurity/mysql.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "77e63a6deedaedc15457691e8631633c15663e796f9e896331d64aa3614fdafc",
+     "deprecated": false
+    }
+   },
+   "long_description": "QSBjb2xsZWN0aW9uIGZvciBteXNxbCBzZXJ2aWNlcyA6CiAtIG15c3FsIGxvZ3MgcGFyc2VyCiAtIGJydXRlZm9yY2UgZGV0ZWN0aW9uCiA=",
+   "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvbXlzcWwtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L215c3FsLWJmCmRlc2NyaXB0aW9uOiAibXlzcWwgc3VwcG9ydCA6IGxvZ3MgYW5kIGJydXRlLWZvcmNlIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gbXlzcWwKICAtIGJydXRlZm9yY2UK",
+   "description": "mysql support : logs and brute-force scenarios",
+   "author": "crowdsecurity",
+   "labels": null,
+   "parsers": [
+    "crowdsecurity/mysql-logs"
+   ],
+   "scenarios": [
+    "crowdsecurity/mysql-bf"
+   ]
+  },
+  "crowdsecurity/naxsi": {
+   "path": "collections/crowdsecurity/naxsi.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "cd093e3b26795e8ae86898a585ef77509dc988c4841ea49ba61795a7c849b06e",
+     "deprecated": false
+    }
+   },
+   "long_description": "QSBjb2xsZWN0aW9uIHRvIGRldGVjdCB2aXJ0dWFsIHBhdGNoIHZpb2xhdGlvbnMgOgogLSBuYXhzaSBsb2dzIHBhcnNlcgogLSB2cGF0Y2ggaGlnaCBpZCAoPjk5OTkpIHRyaWdnZXIgcnVsZQog",
+   "content": "cGFyc2VyczoKI2dlbmVyaWMgcG9zdC1wYXJzaW5nIG9mIGh0dHAgc3R1ZmYKICAtIGNyb3dkc2VjdXJpdHkvbmdpbngtbG9ncwogIC0gY3Jvd2RzZWN1cml0eS9uYXhzaS1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvbmF4c2ktZXhwbG9pdC12cGF0Y2gKZGVzY3JpcHRpb246ICJuYXhzaSBzdXBwb3J0IDogcGFyc2VyIGFuZCB2cGF0Y2ggc2NlbmFyaW8iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIG5naW54CiAgLSBuYXhzaQogIC0gZXhwbG9pdAoK",
+   "description": "naxsi support : parser and vpatch scenario",
+   "author": "crowdsecurity",
+   "labels": null,
+   "parsers": [
+    "crowdsecurity/nginx-logs",
+    "crowdsecurity/naxsi-logs"
+   ],
+   "scenarios": [
+    "crowdsecurity/naxsi-exploit-vpatch"
+   ]
+  },
+  "crowdsecurity/nginx": {
+   "path": "collections/crowdsecurity/nginx.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "5ef06c9a84fbea5b01d901a6a23d5de8de811da5036e5ec4f6a8d00fb096805b",
+     "deprecated": false
+    }
+   },
+   "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBuZ2lueCBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzIDoKIC0gbmdpbnggcGFyc2VyCiAtIGJhc2UgaHR0cCBzY2VuYXJpb3MgKGNyYXdsLCA0MDQgc2NhbiwgYmYpCgo=",
+   "content": "cGFyc2VyczoKI2dlbmVyaWMgcG9zdC1wYXJzaW5nIG9mIGh0dHAgc3R1ZmYKICAtIGNyb3dkc2VjdXJpdHkvbmdpbngtbG9ncwpjb2xsZWN0aW9uczoKICAtIGNyb3dkc2VjdXJpdHkvYmFzZS1odHRwLXNjZW5hcmlvcwpkZXNjcmlwdGlvbjogIm5naW54IHN1cHBvcnQgOiBwYXJzZXIgYW5kIGdlbmVyaWMgaHR0cCBzY2VuYXJpb3MiCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIG5naW54CiAgLSBjcmF3bAogIC0gc2NhbgoK",
+   "description": "nginx support : parser and generic http scenarios",
+   "author": "crowdsecurity",
+   "labels": null,
+   "parsers": [
+    "crowdsecurity/nginx-logs"
+   ],
+   "collections": [
+    "crowdsecurity/base-http-scenarios"
+   ]
+  },
+  "crowdsecurity/postfix": {
+   "path": "collections/crowdsecurity/postfix.yaml",
+   "version": "0.2",
+   "versions": {
+    "0.1": {
+     "digest": "81767bab91a7a071d8d32f3227f2391744eef5ba6a4cf916a96ec8183d050ae0",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "b4cceea527807a9fe70f673ef34e0d7d4372267d665fbbe164f0d6a1a3531a2e",
+     "deprecated": false
+    }
+   },
+   "long_description": "QSBjb2xsZWN0aW9uIGZvciBwb3N0Zml4CiAqIHBvc3RmaXggbG9nIHBhcnNlcnMKICogcG9zdHNjcmVlbiBsb2cgcGFyc2VyCiAqIHBvc3RmaXggc2NlbmFyaW8gYnJ1dGVmb3JjZSBzcGFtIGF0dGVtcHQKICogcG9zdHNjcmVlbiByYiBhdHRlbXB0IGJsYWNrbGlzdAoKVGhpcyBjb2xsZWN0aW9uIG1vc3RseSBhaW1zIGF0IGdldHRpbmcgYSBzaW1pbGFyIHNwYW0gcHJvdGVjdGlvbiBhcwp0aGUgbm9ybWFsIGZhaWwyYmFuIHBvc3RmaXggY29uZmlndXJhdGlvbiBhbHRob3VnaCBwb3N0Y3JlZW4gbG9nCm1hbmFnZW1lbnQgaXNuJ3QgaW5jbHVkZWQgYnkgZGVmYXVsdCBieSBmYWlsMmJhbi4KClRoZSByZWxldmFudCBgYWNxdWlzLnlhbWxgIHNob3VsZCBiZToKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvbWFpbC5sb2cKbGFiZWxzOgogIHR5cGU6IHN5c2xvZwpgYGAK",
+   "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvcG9zdGZpeC1sb2dzCiAgLSBjcm93ZHNlY3VyaXR5L3Bvc3RzY3JlZW4tbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L3Bvc3RmaXgtc3BhbQpkZXNjcmlwdGlvbjogInBvc3RmaXggc3VwcG9ydCA6IHBhcnNlciBhbmQgc3BhbW1lciBkZXRlY3Rpb24iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIHNwYW0KICAtIGJydXRlZm9yY2UK",
+   "description": "postfix support : parser and spammer detection",
+   "author": "crowdsecurity",
+   "labels": null,
+   "parsers": [
+    "crowdsecurity/postfix-logs",
+    "crowdsecurity/postscreen-logs"
+   ],
+   "scenarios": [
+    "crowdsecurity/postfix-spam"
+   ]
+  },
+  "crowdsecurity/sshd": {
+   "path": "collections/crowdsecurity/sshd.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "21159aeb87529efcf1a5033f720413d5321a6451bab679a999f7f01a7aa972b3",
+     "deprecated": false
+    }
+   },
+   "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBzc2hkIGFnYWluc3QgY29tbW9uIGF0dGFja3MgOgogLSBzc2ggcGFyc2VyCiAtIHNzaCBicnV0ZWZvcmNlICYgZW51bWVyYXRpb24gZGV0ZWN0aW9uCiAKCg==",
+   "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3NoZC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvc3NoLWJmCmRlc2NyaXB0aW9uOiAic3NoZCBzdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZS1mb3JjZSBkZXRlY3Rpb24iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIHNzaAogIC0gYnJ1dGVmb3JjZQoK",
+   "description": "sshd support : parser and brute-force detection",
+   "author": "crowdsecurity",
+   "labels": null,
+   "parsers": [
+    "crowdsecurity/sshd-logs"
+   ],
+   "scenarios": [
+    "crowdsecurity/ssh-bf"
+   ]
+  },
+  "crowdsecurity/vsftpd": {
+   "path": "collections/crowdsecurity/vsftpd.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "7cb60c9ce9772d4dc7227cc415a55114b8f4e3c07e27c17a666e56e11cb04b32",
+     "deprecated": false
+    }
+   },
+   "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBWU0ZUUEQgYWdhaW5zdCBjb21tb24gYXR0YWNrcyA6Ci0gVlNGVFBEIHBhcnNlcjogYGNyb3dkc2VjdXJpdHkvdnNmdHBkLWxvZ3NgCi0gYnJ1dGVmb3JjZSBzY2VuYXJpbyA6IGBjcm93ZHNlY3VyaXR5L3ZzZnRwZC1iZmA=",
+   "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvdnNmdHBkLWxvZ3MKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS92c2Z0cGQtYmYKZGVzY3JpcHRpb246ICJWU0ZUUEQgc3VwcG9ydCA6IGxvZ3MgYW5kIGJydXRlLWZvcmNlIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gZnRwCiAgLSBicnV0ZWZvcmNlCg==",
+   "description": "VSFTPD support : logs and brute-force scenarios",
+   "author": "crowdsecurity",
+   "labels": null,
+   "parsers": [
+    "crowdsecurity/vsftpd-logs"
+   ],
+   "scenarios": [
+    "crowdsecurity/vsftpd-bf"
+   ]
+  },
+  "crowdsecurity/whitelist-good-actors": {
+   "path": "collections/crowdsecurity/whitelist-good-actors.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "70f9b1723423de3918bfa3f33fa9c266da71c897b6173ff21e2fb73f9a24245e",
+     "deprecated": false
+    }
+   },
+   "long_description": "QSBjb2xsZWN0aW9uIHRvIHdoaXRlbGlzdCBhbGwgZ29vZCBhY3RvcnMgOgogLSByZG5zIHRvIHVzZSBpdCBpbiB3aGl0ZWxpc3RzIHRoYXQgbmVlZCByZG5zCiAtIHJkbnMgb2YgYWxsIGdvb2Qgc2VhcmNoIGVuZ2luZSBjcmF3bGVycyAoZ29vZ2xlYm90LCBiaW5nIGV0Yy4uLikKIC0gdHJ1c3RlZCBwYXJ0bmVycyBsaWtlIGNsb3VkZmxhcmU=",
+   "content": "cG9zdG92ZXJmbG93czoKICAtIGNyb3dkc2VjdXJpdHkvc2VvLWJvdHMtd2hpdGVsaXN0CiAgLSBjcm93ZHNlY3VyaXR5L2Nkbi13aGl0ZWxpc3QKICAtIGNyb3dkc2VjdXJpdHkvcmRucwpkZXNjcmlwdGlvbjogIkdvb2QgYWN0b3JzIHdoaXRlbGlzdHMiCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gd2hpdGVsaXN0CiAgLSBib3RzCiAgLSBwYXJ0bmVycwo=",
+   "description": "Good actors whitelists",
+   "author": "crowdsecurity",
+   "labels": null,
+   "postoverflows": [
+    "crowdsecurity/seo-bots-whitelist",
+    "crowdsecurity/cdn-whitelist",
+    "crowdsecurity/rdns"
+   ]
+  },
+  "crowdsecurity/wordpress": {
+   "path": "collections/crowdsecurity/wordpress.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "14f428b1d171a092d703478a891db27aaf83a3f6ba99199a3be4a64d193d718d",
+     "deprecated": false
+    }
+   },
+   "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCB3b3JkcHJlc3MgYWdhaW5zdCBicnV0ZWZvcmNlIDoKIC0gd3AtbG9naW4ucGhwIGJydXRlZm9yY2UgZGV0ZWN0aW9uCg==",
+   "content": "c2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9odHRwLWJmLXdvcmRwcmVzc19iZgpkZXNjcmlwdGlvbjogIndvcmRwcmVzcyA6IGJydXRlZm9yY2UgZGV0ZWN0aW9uIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSB3b3JkcHJlc3MKICAtIGJydXRlZm9yY2UKCg==",
+   "description": "wordpress : bruteforce detection",
+   "author": "crowdsecurity",
+   "labels": null,
+   "scenarios": [
+    "crowdsecurity/http-bf-wordpress_bf"
+   ]
+  }
+ },
+ "parsers": {
+  "crowdsecurity/apache2-logs": {
+   "path": "parsers/s01-parse/crowdsecurity/apache2-logs.yaml",
+   "stage": "s01-parse",
+   "version": "0.4",
+   "versions": {
+    "0.1": {
+     "digest": "405a1eacb736240024a1302fb7a95184bd1dbb4205c9746877b01aa74aff602f",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "911be04b02a2aef5052020087b0941c9a646a0ad6213cb34d541d35c5c10fba1",
+     "deprecated": false
+    },
+    "0.3": {
+     "digest": "2acd7b53dd7ac9765246dbcc539395ad89942a5b48f3cab6b1489cb6c9fe1360",
+     "deprecated": false
+    },
+    "0.4": {
+     "digest": "63c47a8b0740d05e15a84640c44cdbc7b96907deae4650dcdb61329d37bcf9e8",
+     "deprecated": false
+    }
+   },
+   "long_description": "VGhpcyBhcGFjaGUyIHBhcnNlciBzdXBwb3J0IGFjY2VzcyBhbmQgZXJyb3IgbG9ncyBpbiB0aGUgSFRUUEQgQ09NQklORUQgTE9HIHN0YW5kYXJkIGZvcm1hdC4KCipub3RlIDogKiBJZiB5b3UgYXJlIGFnZ3JlZ2F0aW5nIGxvZ3MgZnJvbSBzZXZlcmFsIGRvbWFpbnMsIHByZWZpeCB5b3VyIGxvZ2xpbmUgd2l0aCB0aGUgdGFyZ2V0IEZRRE4uIEhUVFAgYmFzZWQgc2NlbmFyaW9zIHNob3VsZCB0YWtlIHRoaXMgaW50byBhY2NvdW50IHNvIHRoYXQgYnVja2V0cyBhcmUgX3Blcl8gc291cmNlIElQIHBlciB0YXJnZXQgRlFETiwgbGltaXRpbmcgZmFsc2UgcG9zaXRpdmVzIGR1ZSB0byBsb2dzIG11bHRpcGxleGluZy4K",
+   "content": "I0FwYWNoZSBhY2Nlc3MvZXJyb3JzIGxvZ3MKI2RlYnVnOiB0cnVlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSBzdGFydHNXaXRoICdhcGFjaGUyJyIKb25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvYXBhY2hlMi1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgQXBhY2hlMiBhY2Nlc3MgYW5kIGVycm9yIGxvZ3MiCiNsb2cgbGluZSBjYW4gYmUgcHJlZml4ZWQgYnkgYSB0YXJnZXRfZnFkbgpub2RlczoKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICcoJXtJUE9SSE9TVDp0YXJnZXRfZnFkbn0gKT8le0NPTU1PTkFQQUNIRUxPR30gJXtRUzpyZWZlcnJlcn0gJXtRUzpodHRwX3VzZXJfYWdlbnR9JwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICAjIHRoZXNlIG9uZXMgYXBwbHkgZm9yIGJvdGggZ3JvayBwYXR0ZXJucwogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiBodHRwX2FjY2Vzcy1sb2cKICAgICAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGltZXN0YW1wCiAgICAgICAgLSBtZXRhOiBzZXJ2aWNlCiAgICAgICAgICB2YWx1ZTogaHR0cAogICAgICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLmNsaWVudGlwCiAgICAgICAgLSBtZXRhOiBodHRwX3N0YXR1cwogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5yZXNwb25zZQogICAgICAgIC0gbWV0YTogaHR0cF9wYXRoCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnJlcXVlc3QKICAgIG9uc3VjY2VzczogbmV4dF9zdGFnZQogIC0gZ3JvazoKICAgICAgcGF0dGVybjogJyV7SFRUUERfRVJST1JMT0d9JwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgb25zdWNjZXNzOiBuZXh0X3N0YWdlCiAgICBwYXR0ZXJuX3N5bnRheDoKICAgICAgTk9UX0RPVUJMRV9QT0lOVDogJ1teOl0rJwogICAgICBOT1RfRE9VQkxFX1FVT1RFOiAnW14iXSsnICAgIAogICAgbm9kZXM6CiAgICAgIC0gZmlsdGVyOiAiZXZ0LlBhcnNlZC5tb2R1bGUgPT0gJ2F1dGhfYmFzaWMnIgogICAgICAgIG9uc3VjY2VzczogbmV4dF9zdGFnZQogICAgICAgIHBhdHRlcm5fc3ludGF4OgogICAgICAgICAgRVhUUkFDVF9VU0VSX0FORF9QQVRIOiAndXNlciAle05PVF9ET1VCTEVfUE9JTlQ6dXNlcm5hbWV9OiBhdXRoZW50aWNhdGlvbiBmYWlsdXJlIGZvciAiJXtOT1RfRE9VQkxFX1FVT1RFOnRhcmdldF91cml9IjogUGFzc3dvcmQgTWlzbWF0Y2gnCiAgICAgICAgZ3JvazoKICAgICAgICAgIHBhdHRlcm46ICcle0VYVFJBQ1RfVVNFUl9BTkRfUEFUSH0nCiAgICAgICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICAgICAgIyB0aGVzZSBvbmVzIGFwcGx5IGZvciBib3RoIGdyb2sgcGF0dGVybnMKICAgICAgICBzdGF0aWNzOgogICAgICAgICAgLSBtZXRhOiB1c2VybmFtZQogICAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnVzZXJuYW1lCiAgICAgICAgICAtIG1ldGE6IGh0dHBfcGF0aAogICAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRhcmdldF91cmkKICAgICAgICAgIC0gbWV0YTogc3ViX3R5cGUKICAgICAgICAgICAgdmFsdWU6ICJhdXRoX2ZhaWwiCiAgICAgIC0gZmlsdGVyOiAiZXZ0LlBhcnNlZC5tb2R1bGUgPT0gJ2F1dGh6X2NvcmUnICYmIGV2dC5QYXJzZWQubWVzc2FnZSBjb250YWlucyAnY2xpZW50IGRlbmllZCciCiAgICAgICAgb25zdWNjZXNzOiBuZXh0X3N0YWdlCiAgICAgICAgcGF0dGVybl9zeW50YXg6CiAgICAgICAgICBFWFRSQUNUX1BBVEg6ICdjbGllbnQgZGVuaWVkIGJ5IHNlcnZlciBjb25maWd1cmF0aW9uOiAle0dSRUVEWURBVEE6dGFyZ2V0X3VyaX0nCiAgICAgICAgZ3JvazoKICAgICAgICAgIHBhdHRlcm46ICcle0VYVFJBQ1RfUEFUSH0nCiAgICAgICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICAgIHN0YXRpY3M6CiAgICAgICAgICAtIG1ldGE6IGh0dHBfcGF0aAogICAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRhcmdldF91cmkKICAgICAgICAgIC0gbWV0YTogc3ViX3R5cGUKICAgICAgICAgICAgdmFsdWU6ICJwZXJtaXNzaW9uX2RlbmllZCIKICAgIHN0YXRpY3M6CiAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICB2YWx1ZTogaHR0cF9lcnJvci1sb2cKICAgICAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50aW1lc3RhbXAKICAgICAgLSBtZXRhOiBzZXJ2aWNlCiAgICAgICAgdmFsdWU6IGh0dHAKICAgICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLmNsaWVudAogICAgICAtIG1ldGE6IGh0dHBfc3RhdHVzCiAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5yZXNwb25zZQoKICAgICAg",
+   "description": "Parse Apache2 access and error logs",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/cowrie-logs": {
+   "path": "parsers/s01-parse/crowdsecurity/cowrie-logs.yaml",
+   "stage": "s01-parse",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "4ebcf38bef1106ba94ccf6aa575958695de12fa1278b25dddb76cfdce93b553b",
+     "deprecated": false
+    }
+   },
+   "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNvd3JpZS1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgY293cmllIGhvbmV5cG90cyBsb2dzIgpmaWx0ZXI6ICJldnQuUGFyc2VkLnByb2dyYW0gPT0gJ2Nvd3JpZSciCmdyb2s6CiAgbmFtZTogIkNPV1JJRV9ORVdfQ08iCiAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAgIC0gbWV0YTogc2VydmljZQogICAgICB2YWx1ZTogdGVsbmV0CiAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgIHZhbHVlOiB0ZWxuZXRfbmV3X3Nlc3Npb24KICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnNvdXJjZV9pcCIKICAgIC0gbWV0YTogZGVzdF9pcAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5kZXN0X2lwIgogICAgLSBtZXRhOiBkZXN0X3BvcnQKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuZGVzdF9wb3J0IgogICAgLSBwYXJzZWQ6ICJ0ZWxuZXRfc2Vzc2lvbiIKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudGVsbmV0X3Nlc3Npb24i",
+   "description": "Parse cowrie honeypots logs",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/dateparse-enrich": {
+   "path": "parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml",
+   "stage": "s02-enrich",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "16b79f7ef39d0c5e71180cff559b0e2ef98983f2009b5f26d778509e897f94d4",
+     "deprecated": false
+    }
+   },
+   "long_description": "UGFyc2VzIHRpbWVzdGFtcCBzdHJpbmdzIGluIGxvZ3MgdG8gYmUgdXNlZCBpbiBbZm9yZW5zaWMgbW9kZV0oaHR0cHM6Ly9kb2MuY3Jvd2RzZWMubmV0L0Nyb3dkc2VjL3YxL3VzZXJfZ3VpZGUvZm9yZW5zaWNfbW9kZS8pLiBUaGUgZm9sbG93aW5nIGZvcm1hdHMgYXJlIGN1cnJlbnRseSBzdXBwb3J0ZWQgOgoKIC0gUkZDMzMzOQogLSBgMDIvSmFuLzIwMDY6MTU6MDQ6MDUgLTA3MDBgCiAtIGBNb24gSmFuIDIgMTU6MDQ6MDUgMjAwNmAKIC0gYDAyLUphbi0yMDA2IDE1OjA0OjA1IGV1cm9wZS9wYXJpc2AKIC0gYDAxLzAyLzIwMDYgMTU6MDQ6MDVgCiAtIGAyMDA2LTAxLTAyIDE1OjA0OjA1Ljk5OTk5OTk5OSAtMDcwMCBNU1RgCiAtIGBKYW4gIDIgMTU6MDQ6MDVgCiAtIGBNb24gSmFuIDAyIDE1OjA0OjA1LjAwMDAwMCAyMDA2YAogLSBgMjAwNi0wMS0wMlQxNTowNDowNVowNzowMGAKIC0gYDIwMDYvMDEvMDJgCiAtIGAyMDA2LzAxLzAyIDE1OjA0YAogLSBgMjAwNi0wMS0wMmAKIC0gYDIwMDYtMDEtMDIgMTU6MDRgCgpUaGUgYFN0clRpbWVgIGl0ZW0gb2YgdGhlIGV2ZW50IGlzIHBhcnNlZCBieSBkZWZhdWx0LiBTZWUgW2Nyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3NdKGh0dHBzOi8vaHViLmNyb3dkc2VjLm5ldC9hdXRob3IvY3Jvd2RzZWN1cml0eS9jb25maWd1cmF0aW9ucy9zeXNsb2ctbG9ncykgYXMgYW4gZXhhbXBsZSBvZiBhIHBhcnNlciBzZXR0aW5nIHRoaXMgZmllbGQgZm9yIGBjcm93ZHNlY3VyaXR5L2RhdGVwYXJzZS1lbnJpY2hgLgo=",
+   "content": "ZmlsdGVyOiAiZXZ0LlN0clRpbWUgIT0gJyciCm5hbWU6IGNyb3dkc2VjdXJpdHkvZGF0ZXBhcnNlLWVucmljaAojZGVidWc6IHRydWUKI2l0J3MgYSBoYWNrIGxvbApzdGF0aWNzOgogIC0gbWV0aG9kOiBQYXJzZURhdGUKICAgIGV4cHJlc3Npb246IGV2dC5TdHJUaW1lCiAgLSB0YXJnZXQ6IE1hcnNoYWxlZFRpbWUKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5NYXJzaGFsZWRUaW1l",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/dovecot-logs": {
+   "path": "parsers/s01-parse/crowdsecurity/dovecot-logs.yaml",
+   "stage": "s01-parse",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "3d30684b5d1ceea08ea743a2fa1697178d878bd87eb55e465432c000da162b42",
+     "deprecated": false
+    }
+   },
+   "content": "I2NvbnRyaWJ1dGlvbiBieSBAbHRzaWNoCm9uc3VjY2VzczogbmV4dF9zdGFnZQpkZWJ1ZzogZmFsc2UKZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdkb3ZlY290JyIKbmFtZTogY3Jvd2RzZWN1cml0eS9kb3ZlY290LWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBkb3ZlY290IGxvZ3MiCmdyb2s6CiAgcGF0dGVybjogIiV7V09SRDpwcm90b2NvbH0tbG9naW46ICV7REFUQTpkb3ZlY290X2xvZ2luX3Jlc3VsdH06IHVzZXI9PCV7REFUQTpkb3ZlY290X3VzZXJ9Pi4qLCByaXA9JXtJUDpkb3ZlY290X3JlbW90ZV9pcH0sIGxpcD0le0lQOmRvdmVjb3RfbG9jYWxfaXB9IgogIGFwcGx5X29uOiBtZXNzYWdlCnN0YXRpY3M6CiAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgIHZhbHVlOiBkb3ZlY290X2xvZ3MKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLmRvdmVjb3RfcmVtb3RlX2lwIgo=",
+   "description": "Parse dovecot logs",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/geoip-enrich": {
+   "path": "parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml",
+   "stage": "s02-enrich",
+   "version": "0.2",
+   "versions": {
+    "0.1": {
+     "digest": "c0718adfc71ad462ad90485ad5c490e5de0e54d8af425bff552994e114443ab6",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "ab327e6044a32de7d2f3780cbc8e0c4af0c11716f353023d2dc7b986571bb765",
+     "deprecated": false
+    }
+   },
+   "long_description": "VGhlIEdlb0lQIG1vZHVsZSByZWxpZXMgb24gZ2VvbGl0ZSBkYXRhYmFzZSB0byBwcm92aWRlIGVucmljaG1lbnQgb24gc291cmNlIGlwLgoKVGhlIGZvbGxvd2luZyBpbmZvcm1hdGlvbnMgd2lsbCBiZSBhZGRlZCB0byB0aGUgZXZlbnQgOgogLSBgTWV0YS5Jc29Db2RlYCA6IHR3by1sZXR0ZXJzIGNvdW50cnkgY29kZQogLSBgTWV0YS5Jc0luRVVgIDogYSBib29sZWFuIGluZGljYXRpbmcgaWYgSVAgaXMgaW4gRVUKIC0gYE1ldGEuR2VvQ29vcmRzYCA6IGxhdGl0dWRlICYgbG9uZ2l0dWRlIG9mIElQCiAtIGBNZXRhLkFTTk51bWJlcmAgOiBBdXRvbm9tb3VzIFN5c3RlbSBOdW1iZXIKIC0gYE1ldGEuQVNOT3JnYCA6IEF1dG9ub21vdXMgU3lzdGVtIE5hbWUKIC0gYE1ldGEuU291cmNlUmFuZ2VgIDogVGhlIHB1YmxpYyByYW5nZSB0byB3aGljaCB0aGUgSVAgYmVsb25ncwoKClRoaXMgY29uZmlndXJhdGlvbiBpbmNsdWRlcyBHZW9MaXRlMiBkYXRhIGNyZWF0ZWQgYnkgTWF4TWluZCBhdmFpbGFibGUgZnJvbSBbaHR0cHM6Ly93d3cubWF4bWluZC5jb21dKGh0dHBzOi8vd3d3Lm1heG1pbmQuY29tKSwgaXQgaW5jbHVkZXMgdHdvIGRhdGEgZmlsZXM6IAoqIFtHZW9MaXRlMi1DaXR5Lm1tZGJdKGh0dHBzOi8vY3Jvd2RzZWMtc3RhdGljcy1hc3NldHMuczMtZXUtd2VzdC0xLmFtYXpvbmF3cy5jb20vR2VvTGl0ZTItQ2l0eS5tbWRiKQoqIFtHZW9MaXRlMi1BU04ubW1kYl0oaHR0cHM6Ly9jcm93ZHNlYy1zdGF0aWNzLWFzc2V0cy5zMy1ldS13ZXN0LTEuYW1hem9uYXdzLmNvbS9HZW9MaXRlMi1BU04ubW1kYikKCg==",
+   "content": "ZmlsdGVyOiAiJ3NvdXJjZV9pcCcgaW4gZXZ0Lk1ldGEiCm5hbWU6IGNyb3dkc2VjdXJpdHkvZ2VvaXAtZW5yaWNoCmRlc2NyaXB0aW9uOiAiUG9wdWxhdGUgZXZlbnQgd2l0aCBnZW9sb2MgaW5mbyA6IGFzLCBjb3VudHJ5LCBjb29yZHMsIHNvdXJjZSByYW5nZS4iCmRhdGE6CiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2Nyb3dkc2VjLXN0YXRpY3MtYXNzZXRzLnMzLWV1LXdlc3QtMS5hbWF6b25hd3MuY29tL0dlb0xpdGUyLUNpdHkubW1kYgogICAgZGVzdF9maWxlOiBHZW9MaXRlMi1DaXR5Lm1tZGIKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vY3Jvd2RzZWMtc3RhdGljcy1hc3NldHMuczMtZXUtd2VzdC0xLmFtYXpvbmF3cy5jb20vR2VvTGl0ZTItQVNOLm1tZGIKICAgIGRlc3RfZmlsZTogR2VvTGl0ZTItQVNOLm1tZGIKc3RhdGljczoKICAtIG1ldGhvZDogR2VvSXBDaXR5CiAgICBleHByZXNzaW9uOiBldnQuTWV0YS5zb3VyY2VfaXAKICAtIG1ldGE6IElzb0NvZGUKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Jc29Db2RlCiAgLSBtZXRhOiBJc0luRVUKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Jc0luRVUKICAtIG1ldGE6IEdlb0Nvb3JkcwogICAgZXhwcmVzc2lvbjogZXZ0LkVucmljaGVkLkdlb0Nvb3JkcwogIC0gbWV0aG9kOiBHZW9JcEFTTgogICAgZXhwcmVzc2lvbjogZXZ0Lk1ldGEuc291cmNlX2lwCiAgLSBtZXRhOiBBU05OdW1iZXIKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5BU05OdW1iZXIKICAtIG1ldGE6IEFTTk9yZwogICAgZXhwcmVzc2lvbjogZXZ0LkVucmljaGVkLkFTTk9yZwogIC0gbWV0aG9kOiBJcFRvUmFuZ2UKICAgIGV4cHJlc3Npb246IGV2dC5NZXRhLnNvdXJjZV9pcAogIC0gbWV0YTogU291cmNlUmFuZ2UKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Tb3VyY2VSYW5nZQo=",
+   "description": "Populate event with geoloc info : as, country, coords, source range.",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/http-logs": {
+   "path": "parsers/s02-enrich/crowdsecurity/http-logs.yaml",
+   "stage": "s02-enrich",
+   "version": "0.5",
+   "versions": {
+    "0.1": {
+     "digest": "d11c01b85927959d1619735c6ac09f260008211edcbf496db0d01b0bd93c5be2",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "1274d4a8afd04f96fa0adb03f661ba4a7771cd0be84cf33d1b405881d07c5f0e",
+     "deprecated": false
+    },
+    "0.3": {
+     "digest": "26d3a09d652bd0024ceb1b51a864183367d7391fa33c87db5274c1e47c072999",
+     "deprecated": false
+    },
+    "0.4": {
+     "digest": "ba77a9a5e6b979b9e8d327946aea0a42eed1f035766b80aab2c2a43fb7cf3c13",
+     "deprecated": false
+    },
+    "0.5": {
+     "digest": "132938d05f1af484c29088b588aaa86a329a2e677842e17c255295fb47532990",
+     "deprecated": false
+    }
+   },
+   "long_description": "VGhpcyBwYXJzZXIgaXMgYSBnZW5lcmljIHBvc3QtcGFyc2luZyBodHRwIHJlLXBhcnNlciBhbmQgcHJvZmlkZXMgbW9yZSBkZXRhaWxlZCBpbmZvcm1hdGlvbiBzdWNoIGFzIDoKIC0gc3RhdGljX3Jlc3NvdXJjZSA6IGEgYm9vbGVhbiB0byB0ZWxsIGlmIHRoZSByZXF1ZXN0ZWQgcmVzc291cmNlIGlzIGEgc3RhdGljIGZpbGUKIC0gZmlsZV9uYW1lIDogc2ltcGxlIGZpbGUrZmlsZS1leHRlbnNpb24KIC0gaW1wYWN0X2NvbXBsZXRpb24gOiBhIGJvb2xlYW4gZmxhZyBpbmRpY2F0aW5nIGlmIHRoZSByZXF1ZXN0IHN1Y2NlZWRlZCAoYmFzZWQgb24gdGhlIGh0dHAgcmVzcG9uc2UgY29kZSkK",
+   "content": "ZmlsdGVyOiAiZXZ0Lk1ldGEuc2VydmljZSA9PSAnaHR0cCcgJiYgZXZ0Lk1ldGEubG9nX3R5cGUgaW4gWydodHRwX2FjY2Vzcy1sb2cnLCAnaHR0cF9lcnJvci1sb2cnXSIKZGVzY3JpcHRpb246ICJQYXJzZSBtb3JlIFNwZWNpZmljYWxseSBIVFRQIGxvZ3MsIHN1Y2ggYXMgSFRUUCBDb2RlLCBIVFRQIHBhdGgsIEhUVFAgYXJncyBhbmQgaWYgaXRzIGEgc3RhdGljIHJlc3NvdXJjZSIKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLWxvZ3MKcGF0dGVybl9zeW50YXg6CiAgRElSOiAiXi4qLyIKICBGSUxFOiAiW14vXS4qPyIKICBFWFQ6ICJcXC5bXi5dKiR8JCIKbm9kZXM6CiAgLSBzdGF0aWNzOgogICAgIC0gcGFyc2VkOiAiaW1wYWN0X2NvbXBsZXRpb24iCiAgICAgICAjIHRoZSB2YWx1ZSBvZiBhIGZpZWxkIGNhbiBhcyB3ZWxsIGJlIGRldGVybWluZWQgYXMgdGhlIHJlc3VsdCBvZiBhbiBleHByZXNzaW9uCiAgICAgICBleHByZXNzaW9uOiAiZXZ0Lk1ldGEuaHR0cF9zdGF0dXMgaW4gWyc0MDQnLCAnNDAzJywgJzUwMiddID8gJ2ZhbHNlJyA6ICd0cnVlJyIKICAgICAtIHRhcmdldDogZXZ0LlBhcnNlZC5zdGF0aWNfcmVzc291cmNlCiAgICAgICB2YWx1ZTogJ2ZhbHNlJwogICMgbGV0J3Mgc3BsaXQgdGhlIHBhdGg/cXVlcnkgaWYgcG9zc2libGUKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICJeJXtHUkVFRFlEQVRBOnJlcXVlc3R9XFw/JXtHUkVFRFlEQVRBOmh0dHBfYXJnc30kIgogICAgICBhcHBseV9vbjogcmVxdWVzdAogICMgdGhpcyBpcyBhbm90aGVyIG5vZGUsIHdpdGggaXRzIG93biBwYXR0ZXJuX3N5bnRheAogIC0gI2RlYnVnOiB0cnVlCiAgICBncm9rOgogICAgICBwYXR0ZXJuOiAiJXtESVI6ZmlsZV9kaXJ9JXtGSUxFOmZpbGVfZnJhZ30le0VYVDpmaWxlX2V4dH0iCiAgICAgIGFwcGx5X29uOiByZXF1ZXN0CiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBodHRwX3BhdGgKICAgICAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLmh0dHBfcGF0aCIKICAgICAgICAgICMgbWV0YSBhZgogICAgICAgIC0gbWV0YTogaHR0cF9hcmdzX2xlbgogICAgICAgICAgZXhwcmVzc2lvbjogImxlbihldnQuUGFyc2VkLmh0dHBfYXJncykiCiAgICAgICAgLSBwYXJzZWQ6IGZpbGVfbmFtZQogICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC5maWxlX2ZyYWcgKyBldnQuUGFyc2VkLmZpbGVfZXh0CiAgICAgICAgLSBwYXJzZWQ6IHN0YXRpY19yZXNzb3VyY2UKICAgICAgICAgIGV4cHJlc3Npb246ICJVcHBlcihldnQuUGFyc2VkLmZpbGVfZXh0KSBpbiBbJy5KUEcnLCAnLkNTUycsICcuSlMnLCAnLkpQRUcnLCAnLlBORycsICcuU1ZHJywgJy5NQVAnLCAnLklDTycsICcuT1RGJywgJy5HSUYnLCAnLk1QMycsICcuTVA0JywgJy5XT0ZGJywgJy5XT0ZGMicsICcuVFRGJywgJy5PVEYnLCAnLkVPVCcsICcuV0VCUCddID8gJ3RydWUnIDogJ2ZhbHNlJyIK",
+   "description": "Parse more Specifically HTTP logs, such as HTTP Code, HTTP path, HTTP args and if its a static ressource",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/iptables-logs": {
+   "path": "parsers/s01-parse/crowdsecurity/iptables-logs.yaml",
+   "stage": "s01-parse",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "00076ea5d8fa862aeb6bb48890d84d9e2763bfc332a635eab884c0a3069fcccd",
+     "deprecated": false
+    }
+   },
+   "long_description": "QSBwYXJzZXIgZm9yIGlwdGFibGVzIGAtaiBMT0dgIGxvZ3MuCgpBbGwgbG9nZ2VkIHBhY2tldHMgYXJlIGNvbnNpZGVyZWQgYXMgRFJPUHMuCgpUbyBtYWtlIHRoaXMgcGFyc2VyIHJlbGV2YW50LCB5b3Ugc2hvdWxkIGhhdmUgYSBgaXB0YWJsZXMgLUEgSU5QVVQgIC1tIHN0YXRlIC0tc3RhdGUgTkVXIC1qIExPR2Agb3Igc2ltaWxhciBpbnRvIHlvdXIgY29uZmlndXJhdGlvbi4gVGhpcyBvbmUgd2lsbCBsb2cgYWxsIG5ldyBjb25uZWN0aW9ucywgc3VjY2Vzc2Z1bCBvciBub3QuCgo=",
+   "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogdHJ1ZQpmaWx0ZXI6ICJldnQuUGFyc2VkLnByb2dyYW0gPT0gJ2tlcm5lbCciCm5hbWU6IGNyb3dkc2VjdXJpdHkvaXB0YWJsZXMtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIGlwdGFibGVzIGRyb3AgbG9ncyIKZ3JvazoKICBwYXR0ZXJuOiBcWyV7REFUQX1cXSsuKigle1dPUkQ6YWN0aW9ufSk/IElOPSV7V09SRDppbnRfZXRofSBPVVQ9IE1BQz0le0lQfTole01BQ30gU1JDPSV7SVA6c3JjX2lwfSBEU1Q9JXtJUDpkc3RfaXB9IExFTj0le0lOVDpsZW5ndGh9LipQUk9UTz0le1dPUkQ6cHJvdG99IFNQVD0le0lOVDpzcmNfcG9ydH0gRFBUPSV7SU5UOmRzdF9wb3J0fS4qCiAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAgIC0gbWV0YTogc2VydmljZQogICAgICB2YWx1ZTogdGNwCiAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgIHZhbHVlOiBpcHRhYmxlc19kcm9wCiAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zcmNfaXAiCiAg",
+   "description": "Parse iptables drop logs",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/modsecurity": {
+   "path": "parsers/s01-parse/crowdsecurity/modsecurity.yaml",
+   "stage": "s01-parse",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "8db1b74ef6681ebe8e9fcc09ed271830a330f3aa5dd3e273a98b3906c334f715",
+     "deprecated": false
+    }
+   },
+   "long_description": "VGhpcyBtb2RzZWN1cml0eSBwYXJzZXIgc3VwcG9ydCBtb2RzZWN1cml0eSBsb2dzIGZyb20gYXBhY2hlMiBlcnJvciBsb2cuCgooTm90IHRlc3RlZCB3aXRoIE5naW54IHlldCkuIA==",
+   "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdtb2RzZWN1cml0eScKbmFtZTogY3Jvd2RzZWN1cml0eS9tb2RzZWN1cml0eQojZGVidWc6IHRydWUKZGVzY3JpcHRpb246IEEgcGFyc2VyIGZvciBtb2RzZWN1cml0eSBXQUYKZ3JvazoKICBuYW1lOiBNT0RTRUNBUEFDSEVFUlJPUgogIGFwcGx5X29uOiBtZXNzYWdlCnN0YXRpY3M6CiAgLSBtZXRhOiBsb2dfdHlwZQogICAgdmFsdWU6IG1vZHNlY3VyaXR5CiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuc291cmNlaG9zdAo=",
+   "description": "A parser for modsecurity WAF",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/mysql-logs": {
+   "path": "parsers/s01-parse/crowdsecurity/mysql-logs.yaml",
+   "stage": "s01-parse",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "9ad9acb6f2c62c6d38c8b662a22af412f6bb0d73f14197b5136cc2c777a3865b",
+     "deprecated": false
+    }
+   },
+   "long_description": "TXlzcWwgYXV0aGVudGljYXRpb24gZmFpbCBwYXJzZXIuCg==",
+   "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvbXlzcWwtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIE15U1FMIGxvZ3MiCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnbXlzcWwnIgpncm9rOgogIG5hbWU6ICJNWVNRTF9BVVRIX0ZBSUwiCiAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogbXlzcWxfZmFpbGVkX2F1dGgKICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc291cmNlX2lwIgogIC0gbWV0YTogdXNlcgogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudXNlciI=",
+   "description": "Parse MySQL logs",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/naxsi-logs": {
+   "path": "parsers/s02-enrich/crowdsecurity/naxsi-logs.yaml",
+   "stage": "s02-enrich",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "c8b9f9ffdc82619cfc9ef10be9ba18513f702688d86d5c48a5cffb525499a8f0",
+     "deprecated": false
+    }
+   },
+   "content": "I2xldCdzIHRyeSB0byBwb3N0LXByb2Nlc3MgbmdpbnggZXJyb3IgbG9nIHRvIGhhdmUgbmF4c2kgcGF0dGVybgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSA9PSAnaHR0cF9lcnJvci1sb2cnICYmIGV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnbmdpbngnIgpkZXNjcmlwdGlvbjogIkVucmljaCBsb2dzIGlmIGl0cyBmcm9tIE5BWFNJIgpuYW1lOiBjcm93ZHNlY3VyaXR5L25heHNpLWxvZ3MKZ3JvazoKICBuYW1lOiAiTkFYU0lfRVhMT0ciCiAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAtIHRhcmdldDogZXZ0Lk1ldGEubG9nX3R5cGUKICAgIHZhbHVlOiB3YWZfbmF4c2ktbG9nCiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLm5heHNpX3NyY19pcCIKICAtIG1ldGE6IGh0dHBfcGF0aAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuaHR0cF9wYXRoIgogIC0gbWV0YTogZGVzdF9pcAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudGFyZ2V0X2lwIg==",
+   "description": "Enrich logs if its from NAXSI",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/nginx-logs": {
+   "path": "parsers/s01-parse/crowdsecurity/nginx-logs.yaml",
+   "stage": "s01-parse",
+   "version": "0.2",
+   "versions": {
+    "0.1": {
+     "digest": "60ba29ab5a5a49214664344b57403fab932e70bb1493203e83dc7df4f66b2059",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "eae9b00d93c9e86f4b909bf0b0ce7dee821834702bc99c29213ebeca86054367",
+     "deprecated": false
+    }
+   },
+   "long_description": "QSBnZW5lcmljIHBhcnNlciBmb3IgbmdpbngsIHN1cHBvcnQgYm90aCBhY2Nlc3MgYW5kIGVycm9yIGxvZ3MuCgoKKm5vdGUgOiAqIElmIHlvdSBhcmUgYWdncmVnYXRpbmcgbG9ncyBmcm9tIHNldmVyYWwgZG9tYWlucywgcHJlZml4IHlvdXIgbG9nbGluZSB3aXRoIHRoZSB0YXJnZXQgRlFETi4gSFRUUCBiYXNlZCBzY2VuYXJpb3Mgc2hvdWxkIHRha2UgdGhpcyBpbnRvIGFjY291bnQgc28gdGhhdCBidWNrZXRzIGFyZSBfcGVyXyBzb3VyY2UgSVAgcGVyIHRhcmdldCBGUUROLCBsaW1pdGluZyBmYWxzZSBwb3NpdGl2ZXMgZHVlIHRvIGxvZ3MgbXVsdGlwbGV4aW5nLgoK",
+   "content": "ZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtIHN0YXJ0c1dpdGggJ25naW54JyIKb25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogdHJ1ZQpuYW1lOiBjcm93ZHNlY3VyaXR5L25naW54LWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBuZ2lueCBhY2Nlc3MgYW5kIGVycm9yIGxvZ3MiCm5vZGVzOgogIC0gZ3JvazoKICAgICAgcGF0dGVybjogJygle0lQT1JIT1NUOnRhcmdldF9mcWRufSApPyV7SVBPUkhPU1Q6cmVtb3RlX2FkZHJ9IC0gJXtOR1VTRVI6cmVtb3RlX3VzZXJ9IFxbJXtIVFRQREFURTp0aW1lX2xvY2FsfVxdICIle1dPUkQ6dmVyYn0gJXtVUklQQVRIUEFSQU06cmVxdWVzdH0gSFRUUC8le05VTUJFUjpodHRwX3ZlcnNpb259IiAle05VTUJFUjpzdGF0dXN9ICV7TlVNQkVSOmJvZHlfYnl0ZXNfc2VudH0gIiV7Tk9URFFVT1RFOmh0dHBfcmVmZXJlcn0iICIle05PVERRVU9URTpodHRwX3VzZXJfYWdlbnR9IicKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogaHR0cF9hY2Nlc3MtbG9nCiAgICAgICAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICAgICAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVfbG9jYWwKICAtIGdyb2s6CiAgICAgICAgIyBhbmQgdGhpcyBvbmUgdGhlIGVycm9yIGxvZwogICAgICAgIHBhdHRlcm46ICcoJXtJUE9SSE9TVDp0YXJnZXRfZnFkbn0gKT8le05HSU5YRVJSVElNRTp0aW1lfSBcWyV7TE9HTEVWRUw6bG9nbGV2ZWx9XF0gJXtOT05ORUdJTlQ6cGlkfSMle05PTk5FR0lOVDp0aWR9OiAoXCole05PTk5FR0lOVDpjaWR9ICk/JXtHUkVFRFlEQVRBOm1lc3NhZ2V9JwogICAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgICAgc3RhdGljczoKICAgICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgICAgdmFsdWU6IGh0dHBfZXJyb3ItbG9nCiAgICAgICAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50aW1lCiMgdGhlc2Ugb25lcyBhcHBseSBmb3IgYm90aCBncm9rIHBhdHRlcm5zCnN0YXRpY3M6CiAgLSBtZXRhOiBzZXJ2aWNlCiAgICB2YWx1ZTogaHR0cAogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5yZW1vdGVfYWRkciIKICAtIG1ldGE6IGh0dHBfc3RhdHVzCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zdGF0dXMiCiAgLSBtZXRhOiBodHRwX3BhdGgKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnJlcXVlc3Qi",
+   "description": "Parse nginx access and error logs",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/postfix-logs": {
+   "path": "parsers/s01-parse/crowdsecurity/postfix-logs.yaml",
+   "stage": "s01-parse",
+   "version": "0.2",
+   "versions": {
+    "0.1": {
+     "digest": "da6b8ecae70e951905697c92fc0c198c2148041bf96e33658d485818c37d7414",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "7338524c5cd363792ee2b8edd488ee6e855b925e073ad659ae2c1b9fb1f4afdf",
+     "deprecated": false
+    }
+   },
+   "content": "IyBDb3B5cmlnaHQgKGMpIDIwMTQsIDIwMTUsIFJ1ZHkgR2V2YWVydAojIENvcHlyaWdodCAoYykgMjAyMCBDcm93ZHNlYwoKIyBQZXJtaXNzaW9uIGlzIGhlcmVieSBncmFudGVkLCBmcmVlIG9mIGNoYXJnZSwgdG8gYW55IHBlcnNvbiBvYnRhaW5pbmcKIyBhIGNvcHkgb2YgdGhpcyBzb2Z0d2FyZSBhbmQgYXNzb2NpYXRlZCBkb2N1bWVudGF0aW9uIGZpbGVzICh0aGUKIyAiU29mdHdhcmUiKSwgdG8gZGVhbCBpbiB0aGUgU29mdHdhcmUgd2l0aG91dCByZXN0cmljdGlvbiwgaW5jbHVkaW5nCiMgd2l0aG91dCBsaW1pdGF0aW9uIHRoZSByaWdodHMgdG8gdXNlLCBjb3B5LCBtb2RpZnksIG1lcmdlLCBwdWJsaXNoLAojIGRpc3RyaWJ1dGUsIHN1YmxpY2Vuc2UsIGFuZC9vciBzZWxsIGNvcGllcyBvZiB0aGUgU29mdHdhcmUsIGFuZCB0bwojIHBlcm1pdCBwZXJzb25zIHRvIHdob20gdGhlIFNvZnR3YXJlIGlzIGZ1cm5pc2hlZCB0byBkbyBzbywgc3ViamVjdCB0bwojIHRoZSBmb2xsb3dpbmcgY29uZGl0aW9uczoKCiMgVGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UgYW5kIHRoaXMgcGVybWlzc2lvbiBub3RpY2Ugc2hhbGwgYmUKIyBpbmNsdWRlZCBpbiBhbGwgY29waWVzIG9yIHN1YnN0YW50aWFsIHBvcnRpb25zIG9mIHRoZSBTb2Z0d2FyZS4KCiMgVEhFIFNPRlRXQVJFIElTIFBST1ZJREVEICJBUyBJUyIsIFdJVEhPVVQgV0FSUkFOVFkgT0YgQU5ZIEtJTkQsCiMgRVhQUkVTUyBPUiBJTVBMSUVELCBJTkNMVURJTkcgQlVUIE5PVCBMSU1JVEVEIFRPIFRIRSBXQVJSQU5USUVTIE9GCiMgTUVSQ0hBTlRBQklMSVRZLCBGSVRORVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBTkQKIyBOT05JTkZSSU5HRU1FTlQuIElOIE5PIEVWRU5UIFNIQUxMIFRIRSBBVVRIT1JTIE9SIENPUFlSSUdIVCBIT0xERVJTIEJFCiMgTElBQkxFIEZPUiBBTlkgQ0xBSU0sIERBTUFHRVMgT1IgT1RIRVIgTElBQklMSVRZLCBXSEVUSEVSIElOIEFOIEFDVElPTgojIE9GIENPTlRSQUNULCBUT1JUIE9SIE9USEVSV0lTRSwgQVJJU0lORyBGUk9NLCBPVVQgT0YgT1IgSU4gQ09OTkVDVElPTgojIFdJVEggVEhFIFNPRlRXQVJFIE9SIFRIRSBVU0UgT1IgT1RIRVIgREVBTElOR1MgSU4gVEhFIFNPRlRXQVJFLgoKIyBTb21lIG9mIHRoZSBncm9rcyB1c2VkIGhlcmUgYXJlIGZyb20gaHR0cHM6Ly9naXRodWIuY29tL3JnZXZhZXJ0L2dyb2stcGF0dGVybnMvYmxvYi9tYXN0ZXIvZ3Jvay5kL3Bvc3RmaXhfcGF0dGVybnMKb25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAncG9zdGZpeC9zbXRwZCciCm5hbWU6IGNyb3dkc2VjdXJpdHkvcG9zdGZpeC1sb2dzCnBhdHRlcm5fc3ludGF4OgogIFBPU1RGSVhfSE9TVE5BTUU6ICcoJXtIT1NUTkFNRX18dW5rbm93biknCiAgUE9TVEZJWF9DT01NQU5EOiAnKEFVVEh8U1RBUlRUTFN8Q09OTkVDVHxFSExPfEhFTE98UkNQVCknCiAgUE9TVEZJWF9BQ1RJT046ICdkaXNjYXJkfGR1bm5vfGZpbHRlcnxob2xkfGlnbm9yZXxpbmZvfHByZXBlbmR8cmVkaXJlY3R8cmVwbGFjZXxyZWplY3R8d2FybicKICBSRUxBWTogJyg/OiV7SE9TVE5BTUU6cmVtb3RlX2hvc3R9KD86XFsle0lQOnJlbW90ZV9hZGRyfVxdKD86OlswLTldKyguWzAtOV0rKT8pPyk/KScKZGVzY3JpcHRpb246ICJQYXJzZSBwb3N0Zml4IGxvZ3MiCm5vZGVzOgogIC0gZ3JvazoKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgcGF0dGVybjogJ2xvc3QgY29ubmVjdGlvbiBhZnRlciAle0RBVEE6c210cF9yZXNwb25zZX0gZnJvbSAle1JFTEFZfScKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlX2VuaAogICAgICAgICAgdmFsdWU6IHNwYW0tYXR0ZW1wdAogIC0gZ3JvazoKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgcGF0dGVybjogJ3dhcm5pbmc6ICV7UE9TVEZJWF9IT1NUTkFNRTpyZW1vdGVfaG9zdH1cWyV7SVA6cmVtb3RlX2FkZHJ9XF06IFNBU0wgKCg/aSlMT0dJTnxQTEFJTnwoPzpDUkFNfERJR0VTVCktTUQ1KSBhdXRoZW50aWNhdGlvbiBmYWlsZWQ6JXtHUkVFRFlEQVRBOm1lc3NhZ2VfZmFpbHVyZX0nCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZV9lbmgKICAgICAgICAgIHZhbHVlOiBzcGFtLWF0dGVtcHQKICAtIGdyb2s6CiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHBhdHRlcm46ICdOT1FVRVVFOiAle1BPU1RGSVhfQUNUSU9OOmFjdGlvbn06ICV7REFUQTpjb21tYW5kfSBmcm9tICV7UkVMQVl9OiAle0dSRUVEWURBVEE6cmVhc29ufScKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGFjdGlvbgogICAgICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuYWN0aW9uIiAgICAgICAgCnN0YXRpY3M6CiAgICAtIG1ldGE6IHNlcnZpY2UKICAgICAgdmFsdWU6IHBvc3RmaXgKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnJlbW90ZV9hZGRyIgogICAgLSBtZXRhOiBzb3VyY2VfaG9zdG5hbWUKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQucmVtb3RlX2hvc3QiCiAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgIHZhbHVlOiBwb3N0Zml4Cgo=",
+   "description": "Parse postfix logs",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/postscreen-logs": {
+   "path": "parsers/s01-parse/crowdsecurity/postscreen-logs.yaml",
+   "stage": "s01-parse",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "5ee035d47824573e19f9a1d378d8882cf3efa72f6443e2243f915d6b38b4b957",
+     "deprecated": false
+    }
+   },
+   "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAncG9zdGZpeC9wb3N0c2NyZWVuJyIKbmFtZTogY3Jvd2RzZWN1cml0eS9wb3N0c2NyZWVuLWxvZ3MKcGF0dGVybl9zeW50YXg6CiAgUE9TVFNDUkVFTl9QUkVHUkVFVDogJ1BSRUdSRUVUJwogIFBPU1RTQ1JFRU5fUFJFR1JFRVRfVElNRV9BVFRFTVBUOiAnXGQrLlxkKycKZGVzY3JpcHRpb246ICJQYXJzZSBwb3N0c2NyZWVuIGxvZ3MiCm5vZGVzOgogIC0gZ3JvazoKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgcGF0dGVybjogJyV7UE9TVFNDUkVFTl9QUkVHUkVFVDpwcmVncmVldH0gJXtJTlQ6Y291bnR9IGFmdGVyICV7UE9TVFNDUkVFTl9QUkVHUkVFVF9USU1FX0FUVEVNUFQ6dGltZV9hdHRlbXB0fSBmcm9tIFxbJXtJUDpyZW1vdGVfYWRkcn1cXTole0lOVDpwb3J0fTogJXtHUkVFRFlEQVRBOm1lc3NhZ2VfYXR0ZW1wdH0nCnN0YXRpY3M6CiAgICAtIG1ldGE6IHNlcnZpY2UKICAgICAgdmFsdWU6IHBvc3RzY3JlZW4KICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnJlbW90ZV9hZGRyIgogICAgLSBtZXRhOiBwcmVncmVldAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5wcmVncmVldCIKCgo=",
+   "description": "Parse postscreen logs",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/smb-logs": {
+   "path": "parsers/s01-parse/crowdsecurity/smb-logs.yaml",
+   "stage": "s01-parse",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "a68bdf79455bda0a84ffaa109752b682266ea0e050d04c260a965a0dbac0fb27",
+     "deprecated": false
+    }
+   },
+   "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvc21iLWxvZ3MKZmlsdGVyOiBldnQuUGFyc2VkLnByb2dyYW0gPT0gJ3NtYicKZGVzY3JpcHRpb246ICJQYXJzZSBTTUIgbG9ncyIKZ3JvazoKICBuYW1lOiAiU01CX0FVVEhfRkFJTCIKICBhcHBseV9vbjogbWVzc2FnZQpzdGF0aWNzOgogIC0gbWV0YTogbG9nX3R5cGUKICAgIHZhbHVlOiBzbWJfZmFpbGVkX2F1dGgKICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuaXBfc291cmNlIgogIC0gbWV0YTogdXNlcgogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudXNlciI=",
+   "description": "Parse SMB logs",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/sshd-logs": {
+   "path": "parsers/s01-parse/crowdsecurity/sshd-logs.yaml",
+   "stage": "s01-parse",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "ecd40cb8cd95e2bad398824ab67b479362cdbf0e1598b8833e2f537ae3ce2f93",
+     "deprecated": false
+    }
+   },
+   "long_description": "WW91ciBvbmUgZml0cy1hbGwgc3NoIHBhcnNlciB3aXRoIHN1cHBvcnQgZm9yIHRoZSBtb3N0IGNvbW1vbiBraW5kIG9mIGZhaWxlZCBhdXRoZW50aWNhdGlvbnMgYW5kIGVycm9ycy4KCg==",
+   "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnc3NoZCciCm5hbWU6IGNyb3dkc2VjdXJpdHkvc3NoZC1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2Ugb3BlblNTSCBsb2dzIgpub2RlczoKICAtIGdyb2s6CiAgICAgIG5hbWU6ICJTU0hEX0ZBSUwiCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiB0YXJnZXRfdXNlcgogICAgICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc3NoZF9pbnZhbGlkX3VzZXIiCiAgLSBncm9rOgogICAgICBuYW1lOiAiU1NIRF9ESVNDX1BSRUFVVEgiCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgLSBncm9rOgogICAgICBuYW1lOiAiU1NIRF9CQURfVkVSU0lPTiIKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAtIGdyb2s6CiAgICAgIG5hbWU6ICJTU0hEX0lOVkFMX1VTRVIiCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiB0YXJnZXRfdXNlcgogICAgICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc3NoZF9pbnZhbGlkX3VzZXIiCiAgLSBncm9rOgogICAgICBuYW1lOiAiU1NIRF9VU0VSX0ZBSUwiCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiB0YXJnZXRfdXNlcgogICAgICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc3NoZF9pbnZhbGlkX3VzZXIiCnN0YXRpY3M6CiAgICAtIG1ldGE6IHNlcnZpY2UKICAgICAgdmFsdWU6IHNzaAogICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICB2YWx1ZTogc3NoX2ZhaWxlZC1hdXRoCiAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zc2hkX2NsaWVudF9pcCI=",
+   "description": "Parse openSSH logs",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/syslog-logs": {
+   "path": "parsers/s00-raw/crowdsecurity/syslog-logs.yaml",
+   "stage": "s00-raw",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "44e8cfbf528dcd70c6cc329df1b963f6861668796c706cc79050b0907a85540e",
+     "deprecated": false
+    }
+   },
+   "long_description": "IyBTeXNsb2cgcGFyc2VyCgpUaGlzIGlzIGEgZ2VuZXJpYyBsaW51eCBzeXNsb2cgcGFyc2VyIHdpdGggdGltZS1zdXBwb3J0LgpUaGlzIG9uZSBvZnRlbiB3b3JrcyBhbG9uZyBgY3Jvd2RzZWN1cml0eS9za2lwLXByZXRhZ2AKCg==",
+   "content": "I0lmIGl0J3Mgc3lzbG9nLCB3ZSBhcmUgZ29pbmcgdG8gZXh0cmFjdCBwcm9nbmFtZSBmcm9tIGl0CmZpbHRlcjogImV2dC5MaW5lLkxhYmVscy50eXBlID09ICdzeXNsb2cnIgpvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKbmFtZTogY3Jvd2RzZWN1cml0eS9zeXNsb2ctbG9ncwpncm9rOgogICN0aGlzIGlzIGEgbmFtZWQgcmVndWxhciBleHByZXNzaW9uLiBncm9rIHBhdHRlcm5zIGNhbiBiZSBrZXB0IGludG8gc2VwYXJhdGUgZmlsZXMgZm9yIHJlYWRhYmlsaXR5CiAgbmFtZTogIlNZU0xPR0xJTkUiIAogICNUaGlzIGlzIHRoZSBmaWVsZCBvZiB0aGUgYEV2ZW50YCB0byB3aGljaCB0aGUgcmVnZXhwIHNob3VsZCBiZSBhcHBsaWVkCiAgYXBwbHlfb246IExpbmUuUmF3CiNpZiB0aGUgbm9kZSB3YXMgc3VjY2Vzc2Z1bGwsIHN0YXRpY3Mgd2lsbCBiZSBhcHBsaWVkLgpzdGF0aWNzOgogIC0gcGFyc2VkOiAibG9nc291cmNlIgogICAgdmFsdWU6ICJzeXNsb2ciCiMgc3lzbG9nIGRhdGUgY2FuIGJlIGluIHR3byBkaWZmZXJlbnQgZmllbGRzIChvbmUgb2YgaHRlIGFzc2lnbm1lbnQgd2lsbCBmYWlsKQogIC0gdGFyZ2V0OiBldnQuU3RyVGltZQogICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50aW1lc3RhbXAKICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudGltZXN0YW1wODYwMQotLS0KI2lmIGl0J3Mgbm90IHN5c2xvZywgdGhlIHR5cGUgaXMgdGhlIHByb2duYW1lCmZpbHRlcjogImV2dC5MaW5lLkxhYmVscy50eXBlICE9ICdzeXNsb2cnIgpvbnN1Y2Nlc3M6IG5leHRfc3RhZ2UKbmFtZTogY3Jvd2RzZWN1cml0eS9ub24tc3lzbG9nCiNkZWJ1ZzogdHJ1ZQpzdGF0aWNzOgogIC0gcGFyc2VkOiBtZXNzYWdlCiAgICBleHByZXNzaW9uOiBldnQuTGluZS5SYXcKICAtIHBhcnNlZDogcHJvZ3JhbQogICAgZXhwcmVzc2lvbjogZXZ0LkxpbmUuTGFiZWxzLnR5cGUKLS0tCg==",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/tcpdump-logs": {
+   "path": "parsers/s01-parse/crowdsecurity/tcpdump-logs.yaml",
+   "stage": "s01-parse",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "e51892c14d137cc4f12d2203c851a953e743f262561c48ff6108bd4222fff254",
+     "deprecated": false
+    }
+   },
+   "long_description": "QSBwYXJzZXIgZm9yIHRjcGR1bXAgbG9ncy4KClRvIG1ha2UgdGhpcyBwYXJzZXIgcmVsZXZhbnQsIHlvdSBzaG91bGQgaGF2ZSBhZGQgdGNwZHVtcCBjb21tYW5kIHRoYXQgbG9nIHRjcCBzY2FuIDoKCkFuIGV4YW1wbGU6CmBgYGJhc2gKY2F0IDw8RU9GID4gL2V0Yy9zeXN0ZW1kL3N5c3RlbS90Y3BkdW1wLnNlcnZpY2UKW1VuaXRdCkRlc2NyaXB0aW9uPVRDUERVTVAKCltTZXJ2aWNlXQpUeXBlPXNpbXBsZQpVc2VyPXJvb3QKRXhlY1N0YXJ0PS9iaW4vc2ggLWMgJ3RjcGR1bXAgLWwgLW4gLWkgZXRoMCAidGNwW3RjcGZsYWdzXSAmICh0Y3Atc3luKSAhPSAwIiA+PiAvdmFyL2xvZy90Y3BkdW1wLm91dCcKUmVzdGFydD1vbi1mYWlsdXJlCgpbSW5zdGFsbF0KV2FudGVkQnk9bXVsdGktdXNlci50YXJnZXQKRU9GCgpzeXN0ZW1jdGwgZGFlbW9uLXJlbG9hZApzeXN0ZW1jdGwgZW5hYmxlIHRjcGR1bXAuc2VydmljZQpzZXJ2aWNlIHRjcGR1bXAgc3RhcnQKYGBgCgo=",
+   "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAndGNwZHVtcCciCm5hbWU6IGNyb3dkc2VjdXJpdHkvdGNwZHVtcC1sb2dzCiNkZWJ1ZzogdHJ1ZQpkZXNjcmlwdGlvbjogIlBhcnNlIHRjcGR1bXAgcmF3IGxvZ3MiCmdyb2s6CiAgbmFtZTogIlRDUERVTVBfT1VUUFVUIgogIGFwcGx5X29uOiBtZXNzYWdlCnN0YXRpY3M6CiAgICAtIG1ldGE6IHNlcnZpY2UKICAgICAgdmFsdWU6IHRjcAogICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICB2YWx1ZTogdGNwX3N5bgogICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc291cmNlX2lwIgogICAgLSBtZXRhOiBkZXN0X2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLmRlc3RfaXAiCiAgICAtIG1ldGE6IGRlc3RfcG9ydAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5kZXN0X3BvcnQiCiAgICAtIHBhcnNlZDogIm5ld19jb25uZWN0aW9uIgogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC50Y3BmbGFncyBjb250YWlucyAnUycgPyAndHJ1ZScgOiAnZmFsc2UnIg==",
+   "description": "Parse tcpdump raw logs",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/vsftpd-logs": {
+   "path": "parsers/s01-parse/crowdsecurity/vsftpd-logs.yaml",
+   "stage": "s01-parse",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "39d986c6005d2b96b8941a71ee81c4af35bd22b1094685a8b7f7fbc00e1b4f7f",
+     "deprecated": false
+    }
+   },
+   "long_description": "RlRQIChbdnNmdHBkXShodHRwczovL2VuLndpa2lwZWRpYS5vcmcvd2lraS9Wc2Z0cGQpKSBhdXRoZW50aWNhdGlvbiBmYWlsIHBhcnNlci4=",
+   "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IHZzZnRwZC1sb2dzCmRlc2NyaXB0aW9uOiAiUGFyc2UgVlNGVFBEIGxvZ3MiCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAndnNmdHBkJyIKI2RlYnVnOiB0cnVlCnBhdHRlcm5fc3ludGF4OgogIEZUUF9BVVRIX0ZBSUw6ICcle0hUVFBERVJST1JfREFURTp0aW1lc3RhbXB9IFxbcGlkICV7TlVNQkVSfVxdIFxbJXtHUkVFRFlEQVRBOnVzZXJ9XF0gRkFJTCBMT0dJTjogQ2xpZW50ICIoOjpmZmZmOik/JXtJUDpzb3VyY2VfaXB9IicKZ3JvazoKICBwYXR0ZXJuOiAiJXtGVFBfQVVUSF9GQUlMfSIKICBhcHBseV9vbjogbWVzc2FnZQpzdGF0aWNzOgogICAgLSBtZXRhOiBwcm9ncmFtCiAgICAgIHZhbHVlOiB2c2Z0cGQKICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgdmFsdWU6IGZ0cF9mYWlsZWRfYXV0aAogICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc291cmNlX2lwIgogICAgLSBtZXRhOiB1c2VyCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnVzZXIiCiAgICAtIHRhcmdldDogZXZ0LlN0clRpbWUKICAgICAgZXhwcmVzc2lvbjogZXZ0LlBhcnNlZC50aW1lc3RhbXA=",
+   "description": "Parse VSFTPD logs",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/whitelists": {
+   "path": "parsers/s02-enrich/crowdsecurity/whitelists.yaml",
+   "stage": "s02-enrich",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "f51f41270a7ff9900d9c815beccc3ded36a1c377a6e21dd19f9d8209623789b1",
+     "deprecated": false
+    }
+   },
+   "long_description": "QSBnZW5lcmljIHdoaXRlbGlzdCB0byBhdm9pZCBiYW5uaW5nIHlvdXJzZWxmLCB3aGl0ZWxpc3RlZCByYW5nZXMgOgoxOTIuMTY4LjAuMC8xNiwgMTAuMC4wLjAvOCwgMTcyLjE2LjAuMC8xMgo=",
+   "content": "bmFtZTogY3Jvd2RzZWN1cml0eS93aGl0ZWxpc3RzCmRlc2NyaXB0aW9uOiAiV2hpdGVsaXN0IGV2ZW50cyBmcm9tIHByaXZhdGUgaXB2NCBhZGRyZXNzZXMiCndoaXRlbGlzdDoKICByZWFzb246ICJwcml2YXRlIGlwdjQgcmFuZ2VzIgogIGlwOiAKICAgIC0gIjEyNy4wLjAuMSIKICBjaWRyOgogICAgLSAiMTkyLjE2OC4wLjAvMTYiCiAgICAtICIxMC4wLjAuMC84IgogICAgLSAiMTcyLjE2LjAuMC8xMiIKICAjIGV4cHJlc3Npb246CiAgIyAgIC0gIidmb28uY29tJyBpbiBldnQuTWV0YS5zb3VyY2VfaXAucmV2ZXJzZSIgCgo=",
+   "description": "Whitelist events from private ipv4 addresses",
+   "author": "crowdsecurity",
+   "labels": null
+  }
+ },
+ "postoverflows": {
+  "crowdsecurity/cdn-whitelist": {
+   "path": "postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.yaml",
+   "stage": "s01-whitelist",
+   "version": "0.3",
+   "versions": {
+    "0.1": {
+     "digest": "d1cb42fbe9f3bb37f3cfa77ef5c60ec0b17dc3703bffb0d422dc6fe9cc0eb9f5",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "7fb5b1474067c22192cf12effb7d508e316c130900cb00c108c0467d18d9d2c0",
+     "deprecated": false
+    },
+    "0.3": {
+     "digest": "63c933b81052c7776deb607ed7c115b89e59a88908123e04573853201122a45a",
+     "deprecated": false
+    }
+   },
+   "long_description": "IyBDRE5zIHdoaXRlbGlzdAoKQ0ROcyB3aGl0ZWxpc3QgYmFzZWQgb24gZm9sbG93aW5nIGxpc3RzOgoqIGh0dHBzOi8vd3d3LmNsb3VkZmxhcmUuY29tL2lwcy12NAoKSXQgd2lsbCB3aGl0ZWxpc3Qgb3ZlcmZsb3dzIHRyaWdnZXJlZCBvbiBhbiBJUCBpbiB0aG9zZSBsaXN0cw==",
+   "content": "bmFtZTogY3Jvd2RzZWN1cml0eS9jZG4td2hpdGVsaXN0CmRlc2NyaXB0aW9uOiAiV2hpdGVsaXN0IENETiBwcm92aWRlcnMiCndoaXRlbGlzdDoKICByZWFzb246ICJDRE4gcHJvdmlkZXIiCiAgZXhwcmVzc2lvbjogCiAgICAtICJhbnkoRmlsZSgnY2xvdWRmbGFyZV9pcHMudHh0JyksIHsgSXBJblJhbmdlKGV2dC5PdmVyZmxvdy5BbGVydC5Tb3VyY2UuSVAgLCMpfSkiCmRhdGE6CiAgLSBzb3VyY2VfdXJsOiBodHRwczovL3d3dy5jbG91ZGZsYXJlLmNvbS9pcHMtdjQKICAgIGRlc3RfZmlsZTogY2xvdWRmbGFyZV9pcHMudHh0CiAgICB0eXBlOiBzdHJpbmcK",
+   "description": "Whitelist CDN providers",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/rdns": {
+   "path": "postoverflows/s00-enrich/crowdsecurity/rdns.yaml",
+   "stage": "s00-enrich",
+   "version": "0.2",
+   "versions": {
+    "0.1": {
+     "digest": "796da42b262fe6574d78a7c7f95f73876d30a07751679a43afd018fc272e490a",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "2b174b379f05edb3aa298b7037f6a85cde06b45893e4152492a51757408d517b",
+     "deprecated": false
+    }
+   },
+   "long_description": "IyBSZG5zIGVucmljaGVyCgpUaGlzIHdpbGwgdXNlIGByZXZlcnNlX2Ruc2AgbWV0aG9kIHRvIGVucmljaCBlbiBldmVudCB3aXRoIHRoZSByZXZlcnNlIGRucyBvZiB0aGUgSVAgaWYgaXQgZXhpc3RzLg==",
+   "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5PdmVyZmxvdy5BbGVydC5SZW1lZGlhdGlvbiA9PSB0cnVlIgpuYW1lOiBjcm93ZHNlY3VyaXR5L3JkbnMKZGVzY3JpcHRpb246ICJMb29rdXAgdGhlIEROUyBhc3NvY2lhdGVkIHRvIHRoZSBzb3VyY2UgSVAgb25seSBmb3Igb3ZlcmZsb3dzIgpzdGF0aWNzOgogIC0gbWV0aG9kOiByZXZlcnNlX2RucwogICAgZXhwcmVzc2lvbjogZXZ0Lk92ZXJmbG93LkFsZXJ0LlNvdXJjZS5JUAogIC0gbWV0YTogcmV2ZXJzZV9kbnMKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5yZXZlcnNlX2Rucwo=",
+   "description": "Lookup the DNS associated to the source IP only for overflows",
+   "author": "crowdsecurity",
+   "labels": null
+  },
+  "crowdsecurity/seo-bots-whitelist": {
+   "path": "postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.yaml",
+   "stage": "s01-whitelist",
+   "version": "0.4",
+   "versions": {
+    "0.1": {
+     "digest": "6df83947191a61ab73a87fccb3c285563bd9c4b3ef8027558d3510d262776ebe",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "71eccc355bf181addcb1b5681c5fa99e087b23cbd8fed40ade7ff8a3b07488ef",
+     "deprecated": false
+    },
+    "0.3": {
+     "digest": "43968bb27b6f8cb8420bdcfa997627bce5f19e62fb96299af8c0e1e767ff0582",
+     "deprecated": false
+    },
+    "0.4": {
+     "digest": "f48b0841cc4cf03fe16f118ea1b5d64f4c1eb07cbacf4647bb0e871b4fd71f8c",
+     "deprecated": false
+    }
+   },
+   "long_description": "IyBTRU8gQm90cyBXaGl0ZWxpc3QKCkNvbmZpZ3VyYXRpb24gYmFzZWQgb24gYGNyb3dkc2VjdXJpdHkvcmRuc2AgdG8gd2hpdGVsaXN0IGZvbGxvd2luZyBiZW5pZ24gU0VPIGJvdHM6CiogZHVja2R1Y2tCb3QKKiBnb29nbGVib3QKKiB5YW5kZXgKKiBiaW5nCiogYmFpZHUKKiB5YWhvbwoqIHBpbnRlcmVzdAoqIHF3YW50Cg==",
+   "content": "bmFtZTogY3Jvd2RzZWN1cml0eS9zZW8tYm90cy13aGl0ZWxpc3QKZGVzY3JpcHRpb246ICJXaGl0ZWxpc3QgZ29vZCBzZWFyY2ggZW5naW5lIGNyYXdsZXJzIgp3aGl0ZWxpc3Q6CiAgcmVhc29uOiAiZ29vZCBib3RzIChzZWFyY2ggZW5naW5lIGNyYXdsZXJzKSIKICBleHByZXNzaW9uOiAKICAgIC0gImFueShGaWxlKCdyZG5zX3Nlb19ib3RzLnR4dCcpLCB7IGxlbigjKSA+IDAgJiYgZXZ0LkVucmljaGVkLnJldmVyc2VfZG5zIGVuZHNXaXRoICN9KSIKICAgIC0gIlJlZ2V4cEluRmlsZShldnQuRW5yaWNoZWQucmV2ZXJzZV9kbnMsICdyZG5zX3Nlb19ib3RzLnJlZ2V4JykiCiAgICAtICJhbnkoRmlsZSgnaXBfc2VvX2JvdHMudHh0JyksIHsgbGVuKCMpID4gMCAmJiBJcEluUmFuZ2UoZXZ0Lk92ZXJmbG93LkFsZXJ0LlNvdXJjZS5JUCAsIyl9KSIKZGF0YToKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS9jcm93ZHNlY3VyaXR5L3NlYy1saXN0cy9tYXN0ZXIvd2hpdGVsaXN0cy9iZW5pZ25fYm90cy9zZWFyY2hfZW5naW5lX2NyYXdsZXJzL3JkbnNfc2VvX2JvdHMudHh0CiAgICBkZXN0X2ZpbGU6IHJkbnNfc2VvX2JvdHMudHh0CiAgICB0eXBlOiBzdHJpbmcKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS9jcm93ZHNlY3VyaXR5L3NlYy1saXN0cy9tYXN0ZXIvd2hpdGVsaXN0cy9iZW5pZ25fYm90cy9zZWFyY2hfZW5naW5lX2NyYXdsZXJzL3JuZHNfc2VvX2JvdHMucmVnZXgKICAgIGRlc3RfZmlsZTogcmRuc19zZW9fYm90cy5yZWdleAogICAgdHlwZTogcmVnZXhwCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL3Jhdy5naXRodWJ1c2VyY29udGVudC5jb20vY3Jvd2RzZWN1cml0eS9zZWMtbGlzdHMvbWFzdGVyL3doaXRlbGlzdHMvYmVuaWduX2JvdHMvc2VhcmNoX2VuZ2luZV9jcmF3bGVycy9pcF9zZW9fYm90cy50eHQKICAgIGRlc3RfZmlsZTogaXBfc2VvX2JvdHMudHh0CiAgICB0eXBlOiBzdHJpbmc=",
+   "description": "Whitelist good search engine crawlers",
+   "author": "crowdsecurity",
+   "labels": null
+  }
+ },
+ "scenarios": {
+  "crowdsecurity/ban-defcon-drop_range": {
+   "path": "scenarios/crowdsecurity/ban-defcon-drop_range.yaml",
+   "version": "0.2",
+   "versions": {
+    "0.1": {
+     "digest": "da839847a4a67c1787ea5185e2b25e1e26710ac3b12e7c179a9bdda8a99b2009",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "e1068cba1ce38cc0c3b82b195e91b560e8675ae789c451bbef5c5b4aff1aff02",
+     "deprecated": false
+    }
+   },
+   "long_description": "QmFucyBhIHJhbmdlIGlmIG1vcmUgdGhhbiA1IGlwcyBmcm9tIHNhaWQgcmFuZ2UgYXJlIGJhbm5lZC4KCkxlYWtzcGVlZCBvZiAxIG1pbnV0ZSwgY2FwYWNpdHkgb2YgNS4K",
+   "content": "I1RBUCBJVCBUV0lDRSA6IGlmIG1vcmUgdGhhbiA1IHVuaXF1ZSBJUHMgb2YgYSByYW5nZSBhcmUgYmVpbmcgYmFubmVkLCBkcm9wIHRoZSByYW5nZQp0eXBlOiBsZWFreQojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9iYW4tZGVmY29uLWRyb3BfcmFuZ2UKZGVzY3JpcHRpb246ICJCYW4gYSByYW5nZSBpZiBtb3JlIHRoYW4gNSBpcHMgZnJvbSBpdCBhcmUgYmFubmVkIGF0IGEgdGltZSIKI2l0J3MgYW4gb3ZlcmZsb3cgZnJvbSBhIHNjZW5hcmlvIHRoYXQgdHJpZ2dlcmVkIGEgcmVtZWRpYXRpb24gOykKZmlsdGVyOiAiZXZ0LkdldFR5cGUoKSA9PSAnb3ZlcmZsb3cnICYmIGV2dC5PdmVyZmxvdy5BbGVydC5SZW1lZGlhdGlvbiA9PSB0cnVlIgpncm91cGJ5OiAiZXZ0Lk92ZXJmbG93LkFsZXJ0LlNvdXJjZS5SYW5nZSIKZGlzdGluY3Q6ICJldnQuT3ZlcmZsb3cuQWxlcnQuU291cmNlLklQIgpjYXBhY2l0eTogNQpsZWFrc3BlZWQ6ICIxbSIKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiByZW1lZGlhdGlvbjogdHJ1ZQpzY29wZToKIHR5cGU6IFJhbmdlCgo=",
+   "description": "Ban a range if more than 5 ips from it are banned at a time",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": "true"
+   }
+  },
+  "crowdsecurity/ban-report-ssh_bf_report": {
+   "path": "scenarios/crowdsecurity/ban-report-ssh_bf_report.yaml",
+   "version": "0.2",
+   "versions": {
+    "0.1": {
+     "digest": "0a7bc501a12b4a8aff250d95d3a08dd0f53ad9eb874ac523ba9c628302749c4d",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "34d80ea3e271c1c1735e55076610063b137a2311a11d51fecff93715b9a4ac39",
+     "deprecated": false
+    }
+   },
+   "long_description": "Q291bnQgdGhlIG51bWJlciBvZiB1bmlxdWUgaXBzIHRoYXQgcGVyZm9ybWVkIHNzaF9icnV0ZWZvcmNlcywgcmVwb3J0IGV2ZXJ5IDEwIG1pbnV0ZXMuCg==",
+   "content": "dHlwZTogY291bnRlcgpuYW1lOiBjcm93ZHNlY3VyaXR5L2Jhbi1yZXBvcnRzLXNzaF9iZl9yZXBvcnQKZGVzY3JpcHRpb246ICJDb3VudCB1bmlxdWUgaXBzIHBlcmZvcm1pbmcgc3NoIGJydXRlZm9yY2UiCiNkZWJ1ZzogdHJ1ZQpmaWx0ZXI6ICJldnQuT3ZlcmZsb3cuQWxlcnQuU2NlbmFyaW8gPT0gJ3NzaF9icnV0ZWZvcmNlJyIKZGlzdGluY3Q6ICJldnQuT3ZlcmZsb3cuQWxlcnQuU291cmNlLklQIgpjYXBhY2l0eTogLTEKZHVyYXRpb246IDEwbQpsYWJlbHM6CiAgc2VydmljZTogc3NoCg==",
+   "description": "Count unique ips performing ssh bruteforce",
+   "author": "crowdsecurity",
+   "labels": {
+    "service": "ssh"
+   }
+  },
+  "crowdsecurity/dovecot-spam": {
+   "path": "scenarios/crowdsecurity/dovecot-spam.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "fc1429f0c8d5b1ba20660ac0725fe0b52bb0382efa746e9bd962d80bdf7c9310",
+     "deprecated": false
+    }
+   },
+   "long_description": "U3BhbSBkZXRlY3Rpb24gZm9yIGRvdmVjb3QgKGNhcGFjaXR5IG9mIDMgYW5kIGxlYWtzcGVlZCBvZiAzNjBzKQoKLSBhbGxvd3MgZmFpbCBhdXRoZW50aWNhdGlvbiBhdHRlbXB0IGV2ZXJ5IDYgbWludXRlcyB3aXRoIGEgYnVyc3Qgb2YgMwoKPiBDb250cmlidXRpb24gYnkgaHR0cHM6Ly9naXRodWIuY29tL0x0U2ljaAo=",
+   "content": "I2NvbnRyaWJ1dGlvbiBieSBAbHRzaWNoCnR5cGU6IGxlYWt5Cm5hbWU6IGNyb3dkc2VjdXJpdHkvZG92ZWNvdC1zcGFtCmRlc2NyaXB0aW9uOiAiZGV0ZWN0IGVycm9ycyBvbiBkb3ZlY290IgpkZWJ1ZzogZmFsc2UKIyByZXF1ZXN0IHdpdGggbG9naW4gIT0gTG9naW4KZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2RvdmVjb3RfbG9ncycgJiYgZXZ0LlBhcnNlZC5kb3ZlY290X2xvZ2luX3Jlc3VsdCAhPSAnTG9naW4nIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKY2FwYWNpdHk6IDMKbGVha3NwZWVkOiAiMzYwcyIKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiBzZXJ2aWNlOiBodHRwCiB0eXBlOiBzY2FuCiByZW1lZGlhdGlvbjogdHJ1ZQo=",
+   "description": "detect errors on dovecot",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": "true",
+    "service": "http",
+    "type": "scan"
+   }
+  },
+  "crowdsecurity/http-backdoors-attempts": {
+   "path": "scenarios/crowdsecurity/http-backdoors-attempts.yaml",
+   "version": "0.2",
+   "versions": {
+    "0.1": {
+     "digest": "2eaba549ef284a36349482aa803b201fa8dcbff0f4d1ab2c5127d6b29806bba1",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "388ec8c8f0679601bafa27fdf57fd414312bb2110bff56ef583bb505a1866d8b",
+     "deprecated": false
+    }
+   },
+   "long_description": "RGV0ZWN0IGF0dGVtcHRzIHRvIGFjY2VzcyBjb21tb24gYmFja2Rvb3JzIHN1Y2ggYXMgYzk5LnBocCAuLi4KCiMjIENvbmZpZ3VyYXRpb24KClRoaXMgc2NlbmFyaW8gd2lsbCBiZSB0cmlnZ2VyIGlmIGFuIGF0dGFja2VyIHJlcXVlc3RzIGEgbWluaW11bSBvZiB0d28gZGlmZmVyZW50cyBmaWxlIG9mIFt0aGUgbGlzdF0oaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2Nyb3dkc2VjdXJpdHkvc2VjLWxpc3RzL21hc3Rlci93ZWIvYmFja2Rvb3JzLnR4dCkvCgpDb25maWd1cmF0aW9uOgoKYGRpc3RpbmN0YCA6IGBldnQuUGFyc2VkLnJlcXVlc3RgIChIVFRQIHJlcXVlc3QgVVJJKQoKYGxlYWtzcGVlZGAgOiA1IHNlY29uZGVzCgpgZ3JvdXBfYnlgIDogYGV2dC5NZXRhLnNvdXJjZV9pcGAKCgojIyMgRGF0YQoKVGhpcyBzY2VuYXJpbyB1c2UgdGhlIFtmb2xsb3dpbmcgbGlzdCBiYWNrZG9vcnMudHh0XShodHRwczovL3Jhdy5naXRodWJ1c2VyY29udGVudC5jb20vY3Jvd2RzZWN1cml0eS9zZWMtbGlzdHMvbWFzdGVyL3dlYi9iYWNrZG9vcnMudHh0KSBmcm9tIFtkYW5pZWxtaWVzc2xlcl0oaHR0cHM6Ly9naXRodWIuY29tL2RhbmllbG1pZXNzbGVyL1NlY0xpc3RzKQ==",
+   "content": "dHlwZTogbGVha3kKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvaHR0cC1iYWNrZG9vcnMtYXR0ZW1wdHMKZGVzY3JpcHRpb246ICJEZXRlY3QgYXR0ZW1wdCB0byBjb21tb24gYmFja2Rvb3JzIgpmaWx0ZXI6ICdldnQuTWV0YS5sb2dfdHlwZSBpbiBbImh0dHBfYWNjZXNzLWxvZyIsICJodHRwX2Vycm9yLWxvZyJdIGFuZCBhbnkoRmlsZSgiYmFja2Rvb3JzLnR4dCIpLCB7IGV2dC5QYXJzZWQucmVxdWVzdCBjb250YWlucyAjfSknCmdyb3VwYnk6ICJldnQuTWV0YS5zb3VyY2VfaXAiCmRpc3RpbmN0OiBldnQuUGFyc2VkLnJlcXVlc3QKZGF0YToKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS9jcm93ZHNlY3VyaXR5L3NlYy1saXN0cy9tYXN0ZXIvd2ViL2JhY2tkb29ycy50eHQKICAgIGRlc3RfZmlsZTogYmFja2Rvb3JzLnR4dAogICAgdHlwZTogc3RyaW5nCmNhcGFjaXR5OiAxCmxlYWtzcGVlZDogNXMKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiAgc2VydmljZTogaHR0cAogIHR5cGU6IGRpc2NvdmVyeQogIHJlbWVkaWF0aW9uOiB0cnVlCg==",
+   "description": "Detect attempt to common backdoors",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": "true",
+    "service": "http",
+    "type": "discovery"
+   }
+  },
+  "crowdsecurity/http-bad-user-agent": {
+   "path": "scenarios/crowdsecurity/http-bad-user-agent.yaml",
+   "version": "0.3",
+   "versions": {
+    "0.1": {
+     "digest": "46e7058419bc3086f2919fb9afad6b2e85f0d4764f74153dd336ed491f99fa08",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "524e2465c1bd817b4d54b37ccb4d2457eec1dad789e21690f51e43469545f426",
+     "deprecated": false
+    },
+    "0.3": {
+     "digest": "d3cae6c40fadd16693e449b4eb7a030586c8f1a9d9dd33c97001c9dc717c68f2",
+     "deprecated": false
+    }
+   },
+   "long_description": "IyBLbm93biBiYWQgdXNlci1hZ2VudHMKCkRldGVjdCBrbm93biBiYWQgdXNlci1hZ2VudHMuCgpCYW5zIGFmdGVyIHR3byByZXF1ZXN0cy4KCgoKCgo=",
+   "content": "dHlwZTogbGVha3kKZm9ybWF0OiAyLjAKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvaHR0cC1iYWQtdXNlci1hZ2VudApkZXNjcmlwdGlvbjogIkRldGVjdCBiYWQgdXNlci1hZ2VudHMiCmZpbHRlcjogJ2V2dC5NZXRhLmxvZ190eXBlIGluIFsiaHR0cF9hY2Nlc3MtbG9nIiwgImh0dHBfZXJyb3ItbG9nIl0gJiYgYW55KEZpbGUoImJhZF91c2VyX2FnZW50cy50eHQiKSwge2V2dC5QYXJzZWQuaHR0cF91c2VyX2FnZW50IGNvbnRhaW5zICN9KScKZGF0YToKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS9jcm93ZHNlY3VyaXR5L3NlYy1saXN0cy9tYXN0ZXIvd2ViL2JhZF91c2VyX2FnZW50cy50eHQKICAgIGRlc3RfZmlsZTogYmFkX3VzZXJfYWdlbnRzLnR4dAogICAgdHlwZTogc3RyaW5nCmNhcGFjaXR5OiAxCmxlYWtzcGVlZDogMW0KZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKYmxhY2tob2xlOiAybQpsYWJlbHM6CiAgdHlwZTogc2NhbgogIHJlbWVkaWF0aW9uOiB0cnVlCg==",
+   "description": "Detect bad user-agents",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": "true",
+    "type": "scan"
+   }
+  },
+  "crowdsecurity/http-bf-wordpress_bf": {
+   "path": "scenarios/crowdsecurity/http-bf-wordpress_bf.yaml",
+   "version": "0.2",
+   "versions": {
+    "0.1": {
+     "digest": "628d9988c1f2448f4ffa5a72fe8aec6e1c1eedd8c838447630cce653bf31cbd9",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "f4074942f2454ffeae226219e0807c63262413986a5b07fc939f4b0835e7bef2",
+     "deprecated": false
+    }
+   },
+   "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIG9uIHdvcmRwcmVzcyBsb2dpbiBwYWdlICd3cC1sb2dpbi5waHAnLgoKbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNQoK",
+   "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLWJmLXdvcmRwcmVzc19iZgpkZXNjcmlwdGlvbjogImRldGVjdCB3b3JkcHJlc3MgYnJ1dGVmb3JjZSIKZGVidWc6IGZhbHNlCiMgZmFpbGVkIGF1dGggb24gd3AtbG9naW4ucGhwIHJldHVybnMgMjAwCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdodHRwX2FjY2Vzcy1sb2cnICYmIGV2dC5QYXJzZWQuZmlsZV9uYW1lID09ICd3cC1sb2dpbi5waHAnICYmIGV2dC5QYXJzZWQudmVyYiA9PSAnUE9TVCciCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApjYXBhY2l0eTogNQpsZWFrc3BlZWQ6ICIxMHMiCmJsYWNraG9sZTogNW0KbGFiZWxzOgogc2VydmljZTogaHR0cAogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWU=",
+   "description": "detect wordpress bruteforce",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": "true",
+    "service": "http",
+    "type": "bruteforce"
+   }
+  },
+  "crowdsecurity/http-crawl-non_statics": {
+   "path": "scenarios/crowdsecurity/http-crawl-non_statics.yaml",
+   "version": "0.2",
+   "versions": {
+    "0.1": {
+     "digest": "86265749b84641e86e7e8ea3c1df53a1cabd1e0e04b6f93853db5d0687913cc7",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "41fb957dfc8e2bb4ae76f2a64a5a25e169e5a0e7e53f42c432e84bec933657ca",
+     "deprecated": false
+    }
+   },
+   "long_description": "RGV0ZWN0IGNyYXdsIG9uIG5vbi1zdGF0aWMgKGpwZyxjc3MsanMsZXRjLikgaHR0cCBwYWdlcyBmcm9tIGEgc2luZ2xlIGlwLgoKTGVha3NwZWVkIG9mIDAuNXMsIGNhcGFjaXR5IG9mIDQwCg==",
+   "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLWNyYXdsLW5vbl9zdGF0aWNzCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IGFnZ3Jlc3NpdmUgY3Jhd2wgZnJvbSBzaW5nbGUgaXAiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlIGluIFsnaHR0cF9hY2Nlc3MtbG9nJywgJ2h0dHBfZXJyb3ItbG9nJ10gJiYgZXZ0LlBhcnNlZC5zdGF0aWNfcmVzc291cmNlID09ICdmYWxzZSciCmRpc3RpbmN0OiAiZXZ0LlBhcnNlZC5maWxlX25hbWUiCmxlYWtzcGVlZDogMC41cwpjYXBhY2l0eTogNDAKI2RlYnVnOiB0cnVlCiN0aGlzIGxpbWl0cyB0aGUgbWVtb3J5IGNhY2hlIChhbmQgZXZlbnRfc2VxdWVuY2VzIGluIG91dHB1dCkgdG8gZml2ZSBldmVudHMKY2FjaGVfc2l6ZTogNQpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwICsgJy8nICsgZXZ0LlBhcnNlZC50YXJnZXRfZnFkbiIKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiBzZXJ2aWNlOiBodHRwCiB0eXBlOiBjcmF3bAogcmVtZWRpYXRpb246IHRydWUK",
+   "description": "Detect aggressive crawl from single ip",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": "true",
+    "service": "http",
+    "type": "crawl"
+   }
+  },
+  "crowdsecurity/http-generic-bf": {
+   "path": "scenarios/crowdsecurity/http-generic-bf.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "aaaf0209fe77be79d8d61a50e73e5da6807e8f13eb7d9832e705553770f6d376",
+     "deprecated": false
+    }
+   },
+   "long_description": "QWxlcnQgd2hlbiBhIHNpbmdsZSBJUCB0aGF0IHRyeSB0byBicnV0ZWZvcmNlIGh0dHAgYmFzaWMgYXV0aC4KCkxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUuCg==",
+   "content": "IyA0MDQgc2Nhbgp0eXBlOiBsZWFreQojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLWdlbmVyaWMtYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgZ2VuZXJpYyBodHRwIGJydXRlIGZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5zZXJ2aWNlID09ICdodHRwJyAmJiBldnQuTWV0YS5zdWJfdHlwZSA9PSAnYXV0aF9mYWlsJyIKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmNhcGFjaXR5OiA1CmxlYWtzcGVlZDogIjEwcyIKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiBzZXJ2aWNlOiBodHRwCiB0eXBlOiBiZgogcmVtZWRpYXRpb246IHRydWUK",
+   "description": "Detect generic http brute force",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": "true",
+    "service": "http",
+    "type": "bf"
+   }
+  },
+  "crowdsecurity/http-path-traversal-probing": {
+   "path": "scenarios/crowdsecurity/http-path-traversal-probing.yaml",
+   "version": "0.2",
+   "versions": {
+    "0.1": {
+     "digest": "3f00b0aa00448549a0a9635fdd86d8135503078c7087c1f5e4af11d49e7c2ee1",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "b02022230086b96c212913406376584cc431332bb5cd26078dffa44ff9454499",
+     "deprecated": false
+    }
+   },
+   "long_description": "VGhlIGh0dHAgcGF0aCB0cmF2ZXJzYWwgcHJvYmluZyBzY2VuYXJpbyBhaW1zIGF0IGRldGVjdGluZywgd2l0aCB2ZXJ5IGxpdHRsZSBmYWxzZSBwb3NpdGl2ZSBjaGFuY2VzLCBwYXRoIHRyYXZlcnNhbCBwcm9iaW5nIGF0dGVtcHRzLgoKUGF0aCB0cmF2ZXJzYWwgYXR0ZW1wdHMgd2lsbCBiZSBkZXRlY3RlZCB3aXRoIHRoZSBwcmVzZW5jZSBvZiBzcGVjaWZpYyBwYXRoIG1hbmlwdWxhdGlvbiBwYXR0ZXJucyBpbiB0aGUgVVJJIG9yIHRoZSBgR0VUYCBwYXJhbWV0ZXIgc3VjaCBhcyBgLi4vYCAsIGAlMkZldGMlMkZwYXNzd2RgIC4uLgoKOndhcm5pbmc6IFRoaXMgc2NlbmFyaW8gaXMgX25vdF8gYSBXQUYgYW5kIHRoaXMgc2NlbmFyaW8gZG9lcyBfbm90XyBhaW1zIGF0IHJlcGxhY2luZyBhIFdBRi4=",
+   "content": "IyBwYXRoIHRyYXZlcnNhbCBwcm9iaW5nCnR5cGU6IGxlYWt5CiNkZWJ1ZzogdHJ1ZQpuYW1lOiBjcm93ZHNlY3VyaXR5L2h0dHAtcGF0aC10cmF2ZXJzYWwtcHJvYmluZwpkZXNjcmlwdGlvbjogIkRldGVjdCBwYXRoIHRyYXZlcnNhbCBhdHRlbXB0IgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSBpbiBbJ2h0dHBfYWNjZXNzLWxvZycsICdodHRwX2Vycm9yLWxvZyddICYmIGFueShGaWxlKCdodHRwX3BhdGhfdHJhdmVyc2FsLnR4dCcpLHtldnQuTWV0YS5odHRwX3BhdGggY29udGFpbnMgI30pIgpkYXRhOgogIC0gc291cmNlX3VybDogaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2Nyb3dkc2VjdXJpdHkvc2VjLWxpc3RzL21hc3Rlci93ZWIvcGF0aF90cmF2ZXJzYWwudHh0CiAgICBkZXN0X2ZpbGU6IGh0dHBfcGF0aF90cmF2ZXJzYWwudHh0CiAgICB0eXBlOiBzdHJpbmcKZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKZGlzdGluY3Q6ICJldnQuTWV0YS5odHRwX3BhdGgiCmNhcGFjaXR5OiAzCnJlcHJvY2VzczogdHJ1ZQpsZWFrc3BlZWQ6IDEwcwpibGFja2hvbGU6IDJtCmxhYmVsczoKIHNlcnZpY2U6IGh0dHAKIHR5cGU6IHNjYW4KIHJlbWVkaWF0aW9uOiB0cnVlCg==",
+   "description": "Detect path traversal attempt",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": "true",
+    "service": "http",
+    "type": "scan"
+   }
+  },
+  "crowdsecurity/http-probing": {
+   "path": "scenarios/crowdsecurity/http-probing.yaml",
+   "version": "0.2",
+   "versions": {
+    "0.1": {
+     "digest": "580a3bcbb3756b8da7717c88708305791f39ef17c1e5c3041a1dd54b7293f57a",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "c8bb45b4fb8834ea1dc5cff6439dd272c87d7ee5af4a51e77341ec6edc5d7a25",
+     "deprecated": false
+    }
+   },
+   "long_description": "VGFrZSByZW1lZGlhdGlvbiBhZ2FpbnN0IGEgc2luZ2xlIElQIHRoYXQgcmVxdWlyZXMgbXVsdGlwbGUgZGlmZmVyZW50IChodHRwIHBhdGgpIHBhZ2VzIHRoYXQgZW5kIHVwIGluIDQwNC80MDMvNDAwLgoKTGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgMTAuCg==",
+   "content": "IyA0MDQgc2Nhbgp0eXBlOiBsZWFreQojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLXByb2JpbmcKZGVzY3JpcHRpb246ICJEZXRlY3Qgc2l0ZSBzY2FubmluZy9wcm9iaW5nIGZyb20gYSBzaW5nbGUgaXAiCmZpbHRlcjogImV2dC5NZXRhLnNlcnZpY2UgPT0gJ2h0dHAnICYmIGV2dC5NZXRhLmh0dHBfc3RhdHVzIGluIFsnNDA0JywgJzQwMycsICc0MDAnXSAmJiBldnQuUGFyc2VkLnN0YXRpY19yZXNzb3VyY2UgPT0gJ2ZhbHNlJyIKZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCArICcvJyArIGV2dC5QYXJzZWQudGFyZ2V0X2ZxZG4iCmRpc3RpbmN0OiAiZXZ0Lk1ldGEuaHR0cF9wYXRoIgpjYXBhY2l0eTogMTAKcmVwcm9jZXNzOiB0cnVlCmxlYWtzcGVlZDogIjEwcyIKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiBzZXJ2aWNlOiBodHRwCiB0eXBlOiBzY2FuCiByZW1lZGlhdGlvbjogdHJ1ZQo=",
+   "description": "Detect site scanning/probing from a single ip",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": "true",
+    "service": "http",
+    "type": "scan"
+   }
+  },
+  "crowdsecurity/http-sensitive-files": {
+   "path": "scenarios/crowdsecurity/http-sensitive-files.yaml",
+   "version": "0.2",
+   "versions": {
+    "0.1": {
+     "digest": "9ed53c09709b6e9f11b52e204c8155e9a6b9db9de25686c6b1909a9c59740c5f",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "3f20d74ee5b040db30743ed189537e8c43e04f8954bb5a02251a3495e7a2a555",
+     "deprecated": false
+    }
+   },
+   "long_description": "IyBIVFRQIFNlbnNpdGl2ZSBmaWxlcwoKRGV0ZWN0IHRlbnRhdGl2ZSBvZiBkYW5nZXJvdXMgZmlsZSBzY2FubmluZyBzdWNoIGFzIGxvZ3MgZmlsZSwgZGF0YWJhc2UgYmFja3VwLCB6aXAgYXJjaGl2ZSBldGMgLi4uCgojIyMgUnVsZQpNb3JlIHRoYW4gMyBhY2Nlc3MgdG8gc2Vuc2l0aXZlIGZpbGVzIGluIFt0aGlzIGxpc3RdKGh0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS9jcm93ZHNlY3VyaXR5L3NlYy1saXN0cy9tYXN0ZXIvd2ViL3NlbnNpdGl2ZV9kYXRhLnR4dCk=",
+   "content": "dHlwZTogbGVha3kKZm9ybWF0OiAyLjAKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvaHR0cC1zZW5zaXRpdmUtZmlsZXMKZGVzY3JpcHRpb246ICJEZXRlY3QgYXR0ZW1wdCB0byBhY2Nlc3MgdG8gc2Vuc2l0aXZlIGZpbGVzICgubG9nLCAuZGIgLi4pIG9yIGZvbGRlcnMgKC5naXQpIgpmaWx0ZXI6ICdldnQuTWV0YS5sb2dfdHlwZSBpbiBbImh0dHBfYWNjZXNzLWxvZyIsICJodHRwX2Vycm9yLWxvZyJdIGFuZCBhbnkoRmlsZSgic2Vuc2l0aXZlX2RhdGEudHh0IiksIHsgZXZ0LlBhcnNlZC5yZXF1ZXN0IGVuZHNXaXRoICN9KScKZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKZGlzdGluY3Q6IGV2dC5QYXJzZWQucmVxdWVzdApkYXRhOgogIC0gc291cmNlX3VybDogaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2Nyb3dkc2VjdXJpdHkvc2VjLWxpc3RzL21hc3Rlci93ZWIvc2Vuc2l0aXZlX2RhdGEudHh0CiAgICBkZXN0X2ZpbGU6IHNlbnNpdGl2ZV9kYXRhLnR4dAogICAgdHlwZTogc3RyaW5nCmNhcGFjaXR5OiA0CmxlYWtzcGVlZDogNXMKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiAgc2VydmljZTogaHR0cAogIHR5cGU6IGRpc2NvdmVyeQogIHJlbWVkaWF0aW9uOiB0cnVlCg==",
+   "description": "Detect attempt to access to sensitive files (.log, .db ..) or folders (.git)",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": "true",
+    "service": "http",
+    "type": "discovery"
+   }
+  },
+  "crowdsecurity/http-sqli-probing": {
+   "path": "scenarios/crowdsecurity/http-sqli-probing.yaml",
+   "version": "0.2",
+   "versions": {
+    "0.1": {
+     "digest": "f3388a2016f9a7fc48a31a357b21c8e65093b8031fc7b120ee2f020de16be246",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "87683f8a569090e52fbcc6ca2ffe139658950d6a05f9d611fd13e90ab875cdb1",
+     "deprecated": false
+    }
+   },
+   "long_description": "VGhlIGh0dHAgc3FsaSBwcm9iaW5nIHNjZW5hcmlvIGFpbXMgYXQgZGV0ZWN0aW5nLCB3aXRoIHZlcnkgbGl0dGxlIGZhbHNlIHBvc2l0aXZlIGNoYW5jZXMsIFNRTCBpbmplY3Rpb24gcHJvYmluZyBhdHRlbXB0cy4KClNRTCBpbmplY3Rpb24gcHJvYmluZyBhdHRlbXB0cyB3aWxsIGJlIGNoYXJhY3Rlcml6ZWQgYnkgdGhlIHByZXNlbmNlIG9mIHNwZWNpZmljIFNRTC1yZWxhdGVkIHBhdHRlcm5zIGluIHVyaS9HRVQgYXJndW1lbnRzIChpZiBhbmQgd2hlbiB0aGlzIGlzIHdoZXJlIHRoZSBpbmplY3RlZCBwYXJhbWV0ZXIgaXMpLCBhbmQgdGhpcyBpcyB3aGF0IHRoaXMgc2NlbmFyaW8gZGV0ZWN0cy4KCgpUaGUgW3dvcmQgbGlzdF0oaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2Nyb3dkc2VjdXJpdHkvc2VjLWxpc3RzL21hc3Rlci93ZWIvc3FsaV9wcm9iZV9wYXR0ZXJucy50eHQpIGlzIHBpY2tlZCBzcGVjaWZpY2FsbHkgdG8gbGltaXQgZmFsc2UgcG9zaXRpdmVzLgpGdXJ0aGVybW9yZSwgYSBgZGlzdGluY3RgIGRpcmVjdGl2ZSBpcyBwcmVzZW50IG9uIHRoZSBnZXQgcGFyYW1ldGVycyB0aGVtc2VsdmVzIHRvIHJlZHVjZSBmYWxzZSBwb3NpdGl2ZSBjaGFuY2VzLgoKWW91IGNhbiB0ZXN0IHRoZSBiZWhhdmlvciBvZiB0aGUgc2NlbmFyaW8gYnkgbGF1bmNoaW5nIHRoZSBleGNlbGxlbnQgW3NxbG1hcF0oaHR0cHM6Ly9zcWxtYXAub3JnKSBvbiBvbmUgb2YgeW91ciBwYWdlcy4KCioqV0FSTklORyoqIFRoaXMgc2NlbmFyaW8gaXMgX25vdF8gYSBXQUYsIGFuZCB0aGlzIHNjZW5hcmlvIGRvZXMgX25vdF8gYWltcyBhdCByZXBsYWNpbmcgYSBXQUYuIEEgbW90aXZhdGVkIGF0dGFja2VyIHdpdGgga25vd2xlZGdlIG9mIGNyb3dkc2VjIHdpbGwgYmUgYWJsZSB0byBieXBhc3MgaXQuIEl0IGlzIG1vc3RseSBtZWFudCB0byBiZSBhIHdheSB0byBkZXRlY3QgZ2VuZXJpYyBTUUwgaW5qZWN0aW9uIHByb2Jpbmcgc3VjaCBhcyBwZXJmb3JtZWQgYnkgb3Blbi1zb3VyY2Ugb3IgY29tbWVyY2lhbCBzY2FubmVycy4KCg==",
+   "content": "dHlwZTogbGVha3kKI3JlcXVpcmVzIGF0IGxlYXN0IDIuMCBiZWNhdXNlIGl0J3MgdXNpbmcgdGhlICdkYXRhJyBzZWN0aW9uIGFuZCB0aGUgJ1VwcGVyJyBleHByIGhlbHBlcgpmb3JtYXQ6IDIuMApuYW1lOiBjcm93ZHNlY3VyaXR5L2h0dHAtc3FsaS1wcm9iYmluZy1kZXRlY3Rpb24KZGF0YToKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS9jcm93ZHNlY3VyaXR5L3NlYy1saXN0cy9tYXN0ZXIvd2ViL3NxbGlfcHJvYmVfcGF0dGVybnMudHh0CiAgICBkZXN0X2ZpbGU6IHNxbGlfcHJvYmVfcGF0dGVybnMudHh0CiAgICB0eXBlOiBzdHJpbmcKZGVzY3JpcHRpb246ICJBIHNjZW5hcmlvIHRoYXQgZGV0ZWN0cyBTUUwgaW5qZWN0aW9uIHByb2Jpbmcgd2l0aCBtaW5pbWFsIGZhbHNlIHBvc2l0aXZlcyIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgaW4gWydodHRwX2FjY2Vzcy1sb2cnLCAnaHR0cF9lcnJvci1sb2cnXSAmJiBhbnkoRmlsZSgnc3FsaV9wcm9iZV9wYXR0ZXJucy50eHQnKSwge1VwcGVyKGV2dC5QYXJzZWQuaHR0cF9hcmdzKSBjb250YWlucyBVcHBlcigjKX0pIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKY2FwYWNpdHk6IDEwCmxlYWtzcGVlZDogMXMKYmxhY2tob2xlOiA1bQojbG93IGZhbHNlIHBvc2l0aXZlcyBhcHByb2FjaCA6IHdlIHJlcXVpcmUgZGlzdGluY3QgcGF5bG9hZHMgdG8gYXZvaWQgZmFsc2UgcG9zaXRpdmVzCmRpc3RpbmN0OiBldnQuUGFyc2VkLmh0dHBfYXJncwpsYWJlbHM6CiAgc2VydmljZTogaHR0cAogIHR5cGU6IHNxbGlfcHJvYmluZwogIHJlbWVkaWF0aW9uOiB0cnVlCg==",
+   "description": "A scenario that detects SQL injection probing with minimal false positives",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": "true",
+    "service": "http",
+    "type": "sqli_probing"
+   }
+  },
+  "crowdsecurity/http-xss-probing": {
+   "path": "scenarios/crowdsecurity/http-xss-probing.yaml",
+   "version": "0.2",
+   "versions": {
+    "0.1": {
+     "digest": "8d6f0d6f9dc48f8f5ad561a2cdb315e499539b3575f259e0d6cf5850ef1efc9e",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "1c4d58e1a29cf806a92f67c981532f8a4656312abd05697dcc69b59b757f0076",
+     "deprecated": false
+    }
+   },
+   "long_description": "VGhlIGh0dHAgWFNTIHByb2Jpbmcgc2NlbmFyaW8gYWltcyBhdCBkZXRlY3RpbmcsIHdpdGggdmVyeSBsaXR0bGUgZmFsc2UgcG9zaXRpdmUgY2hhbmNlcywgWFNTIHByb2JpbmcgYXR0ZW1wdHMuCgpYU1MgcHJvYmluZyBhdHRlbXB0cyB3aWxsIGJlIGNoYXJhY3Rlcml6ZWQgYnkgdGhlIHByZXNlbmNlIG9mIHNwZWNpZmljIFhTUyByZWxhdGVkIHBhdHRlcm5zIGluIHVyaS9HRVQgYXJndW1lbnRzIChpZiBhbmQgd2hlbiB0aGlzIGlzIHdoZXJlIHRoZSBpbmplY3RlZCBwYXJhbWV0ZXIgaXMpLCBhbmQgdGhpcyBpcyB3aGF0IHRoaXMgc2NlbmFyaW8gZGV0ZWN0cy4KCgpUaGUgW3dvcmQgbGlzdF0oaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2Nyb3dkc2VjdXJpdHkvc2VjLWxpc3RzL21hc3Rlci93ZWIveHNzX3Byb2JlX3BhdHRlcm5zLnR4dCkgaXMgcGlja2VkIHNwZWNpZmljYWxseSB0byBsaW1pdCBmYWxzZSBwb3NpdGl2ZXMuCkZ1cnRoZXJtb3JlLCBhIGBkaXN0aW5jdGAgZGlyZWN0aXZlIGlzIHByZXNlbnQgb24gdGhlIGdldCBwYXJhbWV0ZXJzIHRoZW1zZWx2ZXMgdG8gcmVkdWNlIGZhbHNlIHBvc2l0aXZlIGNoYW5jZXMuCgoKKipXQVJOSU5HKiogVGhpcyBzY2VuYXJpbyBpcyBfbm90XyBhIFdBRiwgYW5kIHRoaXMgc2NlbmFyaW8gZG9lcyBfbm90XyBhaW1zIGF0IHJlcGxhY2luZyBhIFdBRi4gQSBtb3RpdmF0ZWQgYXR0YWNrZXIgd2l0aCBrbm93bGVkZ2Ugb2YgY3Jvd2RzZWMgd2lsbCBiZSBhYmxlIHRvIGJ5cGFzcyBpdC4gSXQgaXMgbW9zdGx5IG1lYW50IHRvIGJlIGEgd2F5IHRvIGRldGVjdCBnZW5lcmljIFhTUyBwcm9iaW5nLgo=",
+   "content": "dHlwZTogbGVha3kKI3JlcXVpcmVzIGF0IGxlYXN0IDIuMCBiZWNhdXNlIGl0J3MgdXNpbmcgdGhlICdkYXRhJyBzZWN0aW9uIGFuZCB0aGUgJ1VwcGVyJyBleHByIGhlbHBlcgpmb3JtYXQ6IDIuMApuYW1lOiBjcm93ZHNlY3VyaXR5L2h0dHAteHNzLXByb2JiaW5nCmRhdGE6CiAgLSBzb3VyY2VfdXJsOiBodHRwczovL3Jhdy5naXRodWJ1c2VyY29udGVudC5jb20vY3Jvd2RzZWN1cml0eS9zZWMtbGlzdHMvbWFzdGVyL3dlYi94c3NfcHJvYmVfcGF0dGVybnMudHh0CiAgICBkZXN0X2ZpbGU6IHhzc19wcm9iZV9wYXR0ZXJucy50eHQKICAgIHR5cGU6IHN0cmluZwpkZXNjcmlwdGlvbjogIkEgc2NlbmFyaW8gdGhhdCBkZXRlY3RzIFhTUyBwcm9iaW5nIHdpdGggbWluaW1hbCBmYWxzZSBwb3NpdGl2ZXMiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlIGluIFsnaHR0cF9hY2Nlc3MtbG9nJywgJ2h0dHBfZXJyb3ItbG9nJ10gJiYgYW55KEZpbGUoJ3hzc19wcm9iZV9wYXR0ZXJucy50eHQnKSwge1VwcGVyKGV2dC5QYXJzZWQuaHR0cF9hcmdzKSBjb250YWlucyBVcHBlcigjKX0pIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKY2FwYWNpdHk6IDUKbGVha3NwZWVkOiAxcwpibGFja2hvbGU6IDVtCiNsb3cgZmFsc2UgcG9zaXRpdmVzIGFwcHJvYWNoIDogd2UgcmVxdWlyZSBkaXN0aW5jdCBwYXlsb2FkcyB0byBhdm9pZCBmYWxzZSBwb3NpdGl2ZXMKZGlzdGluY3Q6IGV2dC5QYXJzZWQuaHR0cF9hcmdzCmxhYmVsczoKICBzZXJ2aWNlOiBodHRwCiAgdHlwZTogeHNzX3Byb2JpbmcKICByZW1lZGlhdGlvbjogdHJ1ZQo=",
+   "description": "A scenario that detects XSS probing with minimal false positives",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": "true",
+    "service": "http",
+    "type": "xss_probing"
+   }
+  },
+  "crowdsecurity/iptables-scan-multi_ports": {
+   "path": "scenarios/crowdsecurity/iptables-scan-multi_ports.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "85bd908ec6efae802035e4553f5dd41e4d5b6b53b2f237dd256533965bd44cd7",
+     "deprecated": false
+    }
+   },
+   "long_description": "RGV0ZWN0cyBhIHBvcnQgc2NhbiA6IGRldGVjdHMgaWYgYSBzaW5nbGUgSVAgYXR0ZW1wdHMgY29ubmVjdGlvbiB0byBtYW55IGRpZmZlcmVudCBwb3J0cy4KCkxlYWtzcGVlZCBvZiA1cywgY2FwYWNpdHkgb2YgMTUuCg==",
+   "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9pcHRhYmxlcy1zY2FuLW11bHRpX3BvcnRzCmRlc2NyaXB0aW9uOiAiYmFuIElQcyB0aGF0IGFyZSBzY2FubmluZyB1cyIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2lwdGFibGVzX2Ryb3AnICYmIGV2dC5NZXRhLnNlcnZpY2UgPT0gJ3RjcCciCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApkaXN0aW5jdDogZXZ0LlBhcnNlZC5kc3RfcG9ydApjYXBhY2l0eTogMTUKbGVha3NwZWVkOiA1cwpibGFja2hvbGU6IDFtCmxhYmVsczoKICBzZXJ2aWNlOiB0Y3AKICB0eXBlOiBzY2FuCiAgcmVtZWRpYXRpb246IHRydWUKCg==",
+   "description": "ban IPs that are scanning us",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": "true",
+    "service": "tcp",
+    "type": "scan"
+   }
+  },
+  "crowdsecurity/modsecurity": {
+   "path": "scenarios/crowdsecurity/modsecurity.yaml",
+   "version": "0.2",
+   "versions": {
+    "0.1": {
+     "digest": "447c63986f53a743d08fc16677d7f5427ed4b7efca6a0d73c47991d83582e0d0",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "45c2a35d4ee071e66197aa2381b0c066a18d17fe6b8aee7b0e83efb21512cdbc",
+     "deprecated": false
+    }
+   },
+   "long_description": "VGFrZSBhIHJlbWVkaWF0aW9uIGFnYWluc3QgYW4gSVAgdGhhdCB0cmlnZ2VyIGEgbW9kc2VjdXJpdHkgcnVsZSB3aXRoIGEgYENSSVRJQ0FMYCBzZXZlcml0eS4K",
+   "content": "dHlwZTogdHJpZ2dlcgojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9tb2RzZWN1cml0eQpkZXNjcmlwdGlvbjogIldlYiBleHBsb2l0YXRpb24gdmlhIG1vZHNlY3VyaXR5IgpmaWx0ZXI6IGV2dC5QYXJzZWQucnVsZXNldmVyaXR5ID09ICdDUklUSUNBTCcKYmxhY2tob2xlOiAybQpsYWJlbHM6CiAgdHlwZTogd2ViX2F0dGFjawogIHNlcnZpY2U6IGh0dHAKICByZW1lZGlhdGlvbjogdHJ1ZQogIHNjb3BlOiBpcAo=",
+   "description": "Web exploitation via modsecurity",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": "true",
+    "scope": "ip",
+    "service": "http",
+    "type": "web_attack"
+   }
+  },
+  "crowdsecurity/mysql-bf": {
+   "path": "scenarios/crowdsecurity/mysql-bf.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "3783ff9de7b6d19697ee121314b20b21b8c765b279a9caacc70d3c75f4ebd455",
+     "deprecated": false
+    }
+   },
+   "long_description": "RGV0ZWN0IHNldmVhbCBmYWlsZWQgbXlzcWwgYXV0aGVudGljYXRpb25zLgoKbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgMwo=",
+   "content": "IyBteXNxbCBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5CiNkZWJ1ZzogdHJ1ZQpuYW1lOiBjcm93ZHNlY3VyaXR5L215c3FsLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IG15c3FsIGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ215c3FsX2ZhaWxlZF9hdXRoJwpsZWFrc3BlZWQ6ICIxMHMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDVtCmxhYmVsczoKIHNlcnZpY2U6IG15c3FsCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQo=",
+   "description": "Detect mysql bruteforce",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": "true",
+    "service": "mysql",
+    "type": "bruteforce"
+   }
+  },
+  "crowdsecurity/naxsi-exploit-vpatch": {
+   "path": "scenarios/crowdsecurity/naxsi-exploit-vpatch.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "908ceeb2d7f5607a114a872847df34662e4c80ed07338a55f125a56985f0d095",
+     "deprecated": false
+    }
+   },
+   "long_description": "RGV0ZWN0cyBuYXhzaSBibG9ja2VkIHJlcXVlc3RzIG9uIGN1c3RvbSAoPjk5OTkpIHJ1bGVzLgoKVHJpZ2dlcnMgb24gZmlyc3QgcmVxdWVzdC4K",
+   "content": "IyBuYXhzaSB2cGF0Y2ggcnVsZXMgZGV0ZWN0aW9uCnR5cGU6IHRyaWdnZXIKbmFtZTogY3Jvd2RzZWN1cml0eS9uYXhzaS1leHBsb2l0LXZwYXRjaAojIGlkIGlzIGJpZ2dlciB0aGFuIDlrLCBjdXN0b20gcnVsZQpkZXNjcmlwdGlvbjogIkRldGVjdCBjdXN0b20gYmxhY2tsaXN0IHRyaWdnZXJlZCBpbiBuYXhzaSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3dhZl9uYXhzaS1sb2cnICYmIGxlbihldnQuUGFyc2VkLm5heHNpX2lkKSA+IDQiCmdyb3VwYnk6ICJldnQuTWV0YS5zb3VyY2VfaXAiCmJsYWNraG9sZTogNW0KbGFiZWxzOgogc2VydmljZTogaHR0cAogdHlwZTogc2NhbgogcmVtZWRpYXRpb246IHRydWUK",
+   "description": "Detect custom blacklist triggered in naxsi",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": "true",
+    "service": "http",
+    "type": "scan"
+   }
+  },
+  "crowdsecurity/postfix-spam": {
+   "path": "scenarios/crowdsecurity/postfix-spam.yaml",
+   "version": "0.2",
+   "versions": {
+    "0.1": {
+     "digest": "03876677d3fe37bdc9ad584cb015e3f0b648266450b2b494a40e1863d5a64d8a",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "b36d95dc5ba9cb45c8cbb1a3d37bd19d929ed387f3d7ec386b4e9e041d0bbd8e",
+     "deprecated": false
+    }
+   },
+   "long_description": "Q29udGFpbnMgbXVsdGlwbGUgc2NlbmFyaW9zOgoKLSBjcm93ZHNlY3VyaXR5L3Bvc3RmaXgtc3BhbTogcG9zdGZpeCBzY2VuYXJpbyBicnV0ZWZvcmNlIHNwYW0gYXR0ZW1wdCAobGVha3NwZWVkIG9mIDEwcyB3aXRoIGEgY2FwYWNpdHkgb2YgNSkKLSBjcm93ZHNlY3VyaXR5L3Bvc3RzY3JlZW4tcmJsOiBwb3N0c2NyZWVuIHJiIGF0dGVtcHQgYmxhY2tsaXN0IChjYXBhY2l0eSBvZiAwKQoK",
+   "content": "IyBwb3N0Zml4IHNwYW0KdHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9wb3N0Zml4LXNwYW0KZGVzY3JpcHRpb246ICJEZXRlY3Qgc3BhbW1lcnMiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlX2VuaCA9PSAnc3BhbS1hdHRlbXB0JyB8fCBldnQuTWV0YS5sb2dfdHlwZSA9PSAncG9zdGZpeCcgJiYgZXZ0Lk1ldGEuYWN0aW9uID09ICdyZWplY3QnIgpsZWFrc3BlZWQ6ICIxMHMiCnJlZmVyZW5jZXM6CiAgLSBodHRwczovL2VuLndpa2lwZWRpYS5vcmcvd2lraS9TcGFtbWluZwpjYXBhY2l0eTogNQpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKYmxhY2tob2xlOiAxbQpyZXByb2Nlc3M6IGZhbHNlCmxhYmVsczoKIHNlcnZpY2U6IHBvc3RmaXgKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVlCi0tLQojIHBvc3RmaXggc3BhbQp0eXBlOiB0cmlnZ2VyCm5hbWU6IGNyb3dkc2VjdXJpdHkvcG9zdHNjcmVlbi1yYmwKZGVzY3JpcHRpb246ICJEZXRlY3Qgc3BhbW1lcnMiCmZpbHRlcjogImV2dC5NZXRhLnNlcnZpY2UgPT0gJ3Bvc3RzY3JlZW4nICYmIGV2dC5NZXRhLnByZWdyZWV0ID09ICdQUkVHUkVFVCciCmxlYWtzcGVlZDogIjEwcyIKcmVmZXJlbmNlczoKICAtIGh0dHBzOi8vZW4ud2lraXBlZGlhLm9yZy93aWtpL1NwYW1taW5nCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDFtCnJlcHJvY2VzczogZmFsc2UKbGFiZWxzOgogc2VydmljZTogcG9zdHNjcmVlbgogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWUKCg==",
+   "description": "Detect spammers",
+   "author": "crowdsecurity",
+   "references": [
+    "https://en.wikipedia.org/wiki/Spamming"
+   ],
+   "labels": {
+    "remediation": "true",
+    "service": "postfix",
+    "type": "bruteforce"
+   }
+  },
+  "crowdsecurity/smb-bf": {
+   "path": "scenarios/crowdsecurity/smb-bf.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "ee7fea38f0a67bde1aae3979cf0579da03da5adf4e69826f12a82c74b812e9d6",
+     "deprecated": false
+    }
+   },
+   "long_description": "dHJhY2tzIGZhaWxlZCBzYW1iYSBhdXRoZW50aWNhdGlvbnMuCg==",
+   "content": "IyBzbWIgYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3NtYi1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBzbWIgYnJ1dGVmb3JjZSIKZmlsdGVyOiBldnQuTWV0YS5sb2dfdHlwZSA9PSAnc21iX2ZhaWxlZF9hdXRoJwpsZWFrc3BlZWQ6ICIxMHMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDVtCmxhYmVsczoKIHNlcnZpY2U6IHNtYgogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWU=",
+   "description": "Detect smb bruteforce",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": "true",
+    "service": "smb",
+    "type": "bruteforce"
+   }
+  },
+  "crowdsecurity/ssh-bf": {
+   "path": "scenarios/crowdsecurity/ssh-bf.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "4441dcff07020f6690d998b7101e642359ba405c2abb83565bbbdcee36de280f",
+     "deprecated": false
+    }
+   },
+   "long_description": "RGV0ZWN0IGZhaWxlZCBzc2ggYXV0aGVudGljYXRpb25zIDoKCiAtIGxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUgb24gc2FtZSB0YXJnZXQgdXNlcgogLSBsZWFrc3BlZWQgb2YgMTBzLCBjYXBhY2l0eSBvZiA1IHVuaXF1ZSBkaXN0aW5jdCB1c2VycwogCg==",
+   "content": "IyBzc2ggYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3NzaC1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBzc2ggYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3NzaF9mYWlsZWQtYXV0aCciCmxlYWtzcGVlZDogIjEwcyIKcmVmZXJlbmNlczoKICAtIGh0dHA6Ly93aWtpcGVkaWEuY29tL3NzaC1iZi1pcy1iYWQKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKIHNlcnZpY2U6IHNzaAogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWUKLS0tCiMgc3NoIHVzZXItZW51bQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3NzaC1iZl91c2VyLWVudW0KZGVzY3JpcHRpb246ICJEZXRlY3Qgc3NoIHVzZXIgZW51bSBicnV0ZWZvcmNlIgpmaWx0ZXI6IGV2dC5NZXRhLmxvZ190eXBlID09ICdzc2hfZmFpbGVkLWF1dGgnCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApkaXN0aW5jdDogZXZ0Lk1ldGEudGFyZ2V0X3VzZXIKbGVha3NwZWVkOiAxMHMKY2FwYWNpdHk6IDUKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiBzZXJ2aWNlOiBzc2gKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVlCgo=",
+   "description": "Detect ssh bruteforce",
+   "author": "crowdsecurity",
+   "references": [
+    "http://wikipedia.com/ssh-bf-is-bad"
+   ],
+   "labels": {
+    "remediation": "true",
+    "service": "ssh",
+    "type": "bruteforce"
+   }
+  },
+  "crowdsecurity/telnet-bf": {
+   "path": "scenarios/crowdsecurity/telnet-bf.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "fd1769c247b352916a0400c33668b315a6d7a0ab8e672f339b00d9de2df71229",
+     "deprecated": false
+    }
+   },
+   "long_description": "IyMgRGV0ZWN0IFRlbG5ldCBicnV0ZWZvcmNlIGF0dGFjay4KCiMjIyBSdWxlCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDU=",
+   "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS90ZWxuZXQtYmYKZGVzY3JpcHRpb246ICJkZXRlY3QgdGVsbmV0IGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3RlbG5ldF9uZXdfc2Vzc2lvbicKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmNhcGFjaXR5OiA1CmxlYWtzcGVlZDogIjEwcyIKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiBzZXJ2aWNlOiB0ZWxuZXQKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVl",
+   "description": "detect telnet bruteforce",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": "true",
+    "service": "telnet",
+    "type": "bruteforce"
+   }
+  },
+  "crowdsecurity/vsftpd-bf": {
+   "path": "scenarios/crowdsecurity/vsftpd-bf.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1",
+     "deprecated": false
+    }
+   },
+   "long_description": "IyMgRGV0ZWN0IEZUUCBicnV0ZWZvcmNlIGF0dGFjay4KCiMjIyBSdWxlCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDU=",
+   "content": "dHlwZTogbGVha3kKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvdnNmdHBkLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IEZUUCBicnV0ZWZvcmNlICh2c2Z0cGQpIgpmaWx0ZXI6IGV2dC5NZXRhLmxvZ190eXBlID09ICdmdHBfZmFpbGVkX2F1dGgnCmxlYWtzcGVlZDogIjEwcyIKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogNW0KbGFiZWxzOgogc2VydmljZTogZnRwCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQ==",
+   "description": "Detect FTP bruteforce (vsftpd)",
+   "author": "crowdsecurity",
+   "labels": {
+    "remediation": "true",
+    "service": "ftp",
+    "type": "bruteforce"
+   }
+  },
+  "ltsich/http-w00tw00t": {
+   "path": "scenarios/ltsich/http-w00tw00t.yaml",
+   "version": "0.1",
+   "versions": {
+    "0.1": {
+     "digest": "f0cba1520658a1016e9d1952473fa9e78175deef2117d2b921e7d994a6e7a549",
+     "deprecated": false
+    }
+   },
+   "long_description": "dHJpZ2dlciBzY2VuYXJpbyB0byBkZXRlY3QgdzAwdHcwMHQgcGF0dGVybiB1c2VkIGJ5IGh0dHAgdnVsbmVyYWJpbGl0eSBzY2FubmVyLCBzZWUgW3RoaXMgcmVzc291cmNlXShodHRwczovL2lzYy5zYW5zLmVkdS9mb3J1bXMvZGlhcnkvdzAwdHcwMHQvOTAwLykKCj4gQ29udHJpYnV0ZWQgYnkgaHR0cHM6Ly9naXRodWIuY29tL0x0U2ljaAo=",
+   "content": "I2NvbnRyaWJ1dGVkIGJ5IGx0c2ljaAp0eXBlOiB0cmlnZ2VyCm5hbWU6IGx0c2ljaC9odHRwLXcwMHR3MDB0CmRlc2NyaXB0aW9uOiAiZGV0ZWN0IHcwMHR3MDB0IgpkZWJ1ZzogZmFsc2UKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2h0dHBfYWNjZXNzLWxvZycgJiYgZXZ0LlBhcnNlZC5maWxlX25hbWUgY29udGFpbnMgJ3cwMHR3MDB0LmF0LklTQy5TQU5TLkRGaW5kJyIKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogNW0KbGFiZWxzOgogc2VydmljZTogaHR0cAogdHlwZTogc2NhbgogcmVtZWRpYXRpb246IHRydWUK",
+   "description": "detect w00tw00t",
+   "author": "ltsich",
+   "labels": {
+    "remediation": "true",
+    "service": "http",
+    "type": "scan"
+   }
+  }
+ }
+}
\ No newline at end of file

diff --git a/README.md b/README.md
new file mode 100644 (file)
index 0000000..06e4abe
--- /dev/null
+++ b/README.md
@@ -0,0 +1,14 @@
+
+> CrowdSec Hub for parsers, enrichers and scenarios.
+
+# Foreword
+
+This repository stores most of the official parsers/scenarios/collections for crowdsec.
+
+The repository is not intended for use as-is, but rather as source of truth for the [CrowdSec Hub](https://hub.crowdsec.net/) and `cscli`.
+
+Feel free to use the parsers/scenarios here as a source of inspiration.
+
+
+The results of the continuous integration tests can be seen at [CI tests results](https://crowdsecurity.github.io/hub/)
+

diff --git a/blockers.go b/blockers.go
new file mode 100644 (file)
index 0000000..e895b52
--- /dev/null
+++ b/blockers.go
@@ -0,0 +1,142 @@
+package main
+
+import (
+       "context"
+       "encoding/base64"
+       "encoding/json"
+       "fmt"
+       "io/ioutil"
+       "log"
+
+       "github.com/google/go-github/github"
+)
+
+type ItemInfo struct {
+       //Source info (crafted by humans)
+       Name  string `json:"name"`
+       Owner string `json:"author"`
+       Logo  string `json:"logo"`
+       //Main infos about repo
+       URL           string `json:"url"`
+       Description   string `json:"description"`
+       Stargazers    int    `json:"stars"`
+       DownloadCount int    `json:"downloads"`
+       ReadmeContent string `json:"readme_content"`
+       //Infos about last downloadable version
+       LastVersion string `json:"version"`
+       DownloadURL string `json:"download_url"`
+       AssetURL    string `json:"asset_url"`
+       Status      string `json:"status"`
+}
+
+//DumpJSON dumps the list to a json file
+func DumpJSON(file string, items []ItemInfo) error {
+       dump, err := json.MarshalIndent(items, "", " ")
+       if err != nil {
+               return fmt.Errorf("failed to unmarshal : %s", err)
+       }
+       err = ioutil.WriteFile(file, dump, 0755)
+       if err != nil {
+               return fmt.Errorf("failed to write dump : %s", err)
+       }
+       return nil
+}
+
+//LoadJSON loads a list of blockers from json
+func LoadJSON(file string) ([]ItemInfo, error) {
+       var blockers []ItemInfo
+       body, err := ioutil.ReadFile(file)
+       if err != nil {
+               return nil, fmt.Errorf("failed to open %s : %s", file, err)
+       }
+       if err = json.Unmarshal(body, &blockers); err != nil {
+               return nil, fmt.Errorf("failed to decode json : %s", err)
+       }
+       return blockers, nil
+}
+
+//UpdateItem refreshes the item information from github api
+func UpdateItem(item ItemInfo) (ItemInfo, error) {
+       /*Configure client with auth*/
+       client := github.NewClient(nil)
+       /*get main infos about repo*/
+       log.Printf("updating %s/%s", item.Owner, item.Name)
+       repinfo, _, err := client.Repositories.Get(context.Background(), item.Owner, item.Name)
+       if err != nil {
+               return item, fmt.Errorf("unable to get %s/%s : %s", item.Owner, item.Name, err)
+       }
+       item.Stargazers = repinfo.GetStargazersCount()
+       log.Printf("Stargazers : %d", item.Stargazers)
+       item.URL = repinfo.GetHTMLURL()
+       log.Printf("URL : %s", item.URL)
+       item.Description = repinfo.GetDescription()
+       log.Printf("Description : %s", item.Description)
+
+       /*get the readme*/
+       readme, _, err := client.Repositories.GetReadme(context.Background(), item.Owner, item.Name, nil)
+       if err != nil {
+               return item, fmt.Errorf("Failed to get the readme : %s", err)
+       }
+
+       content, err := readme.GetContent()
+       if err != nil {
+               return item, fmt.Errorf("Failed to get the readme content : %s", err)
+       }
+       log.Printf("len(readme) : %d", len(content))
+       item.ReadmeContent = base64.StdEncoding.EncodeToString([]byte(content))
+
+       // Fetch nb downloads of all (pre-)releases
+       releases, _, err := client.Repositories.ListReleases(context.Background(), item.Owner, item.Name, nil)
+       if err != nil {
+               log.Fatalf("Failed to fetch releases : %+v", err.Error())
+       }
+       if len(releases) > 0 {
+               /*get download count*/
+               for _, release := range releases {
+                       for x, asset := range release.Assets {
+                               if x == 0 {
+                                       item.AssetURL = asset.GetBrowserDownloadURL()
+                                       log.Printf("AssetURL : %s", item.AssetURL)
+                               }
+                               item.DownloadCount += asset.GetDownloadCount()
+                       }
+               }
+       }
+
+       /*get infos about latest release*/
+       release, _, _ := client.Repositories.GetLatestRelease(context.Background(), item.Owner, item.Name)
+       if release != nil {
+               item.LastVersion = *release.TagName
+               log.Printf("LastVersion : %s", item.LastVersion)
+               item.DownloadURL = release.GetHTMLURL()
+               log.Printf("DownloadURL : %s", item.DownloadURL)
+               log.Printf("len(assets) : %d", len(release.Assets))
+               if len(release.Assets) > 0 {
+                       item.AssetURL = release.Assets[0].GetBrowserDownloadURL()
+               } else {
+                       item.AssetURL = *release.ZipballURL
+               }
+               item.Status = "stable"
+       } else {
+               /*if has prerelease*/
+               releases, _, err := client.Repositories.ListReleases(context.Background(), item.Owner, item.Name, nil)
+               if err != nil {
+                       log.Fatalf("Failed to fetch releases : %+v", err.Error())
+               }
+               if len(releases) > 0 {
+                       item.DownloadURL = *releases[0].HTMLURL
+                       item.LastVersion = *releases[0].TagName
+                       item.Status = "unstable"
+                       log.Printf("Has only prereleases : %s", item.DownloadURL)
+                       log.Printf("LastVersion : %s", item.LastVersion)
+               } else {
+                       item.LastVersion = "no release"
+                       item.DownloadURL = *repinfo.HTMLURL + "/tags"
+                       item.AssetURL = *repinfo.HTMLURL + "/tags"
+                       item.DownloadCount = 0
+                       item.Status = "development"
+                       log.Printf("Has no release : %s", item.DownloadURL)
+               }
+       }
+       return item, nil
+}

diff --git a/blockers.json b/blockers.json
new file mode 100644 (file)
index 0000000..b854365
--- /dev/null
+++ b/blockers.json
@@ -0,0 +1,100 @@
+[
+ {
+  "name": "cs-nginx-bouncer",
+  "author": "crowdsecurity",
+  "logo": "iVBORw0KGgoAAAANSUhEUgAAAGAAAABgCAYAAADimHc4AAAABmJLR0QA/wD/AP+gvaeTAAAJIElEQVR4nO2de3BU1R3HP+fukheQlJdVIAgiFKUIhSoEeeRBEqzN0KGBsRaTEHBaa4UAikAgBAkglPJsxzIdSAhFrGGYKaIhYReiVR61EEWLBErBgoISsLwSILv39A+GsToE9t69zzSff3N+5/fd882es7vn3N+BZppppplmmnEhhYWFSmFhoWK3jnAQdgvQS2rpY8NVVV0BRAhFTPVlba+wW5MeXGdA2rq0eNUjFkjJOL6pf5tQg5N9ub5/2aVND64xIK00raUaVF6QQr4IRDXS7DrIP0R4PXPKx5VftFKfXpxvgESMWJ/+lISXgXtCjKpFUNQ2OvZ3ZWPLgmbKCxdHG5C8Pv0RIVkBJOjs4oBETtmZU/mOkbqMxJEGJP7psc7eoLrwFvO8XrZ5FDmpMqvyuAF9GYqjDMhYkxFTH9EwXQp1Oohog7t35PrgsVsAABKR3HXkmIA3uBXBKBAtTMjiATEwqMrs7j/pfjmr31PVVVVV0oQ8mrD9HZBSPPJhFLkCyWAr8wrYjyLyfFnb37Uy7y102EPy+h93UmhYZOA8r5dtQSmeqxq//YQdyS1/4RlrMmKuRF1/TkhmA62szn9rZL2QYlW9GrngvQlbL1mZ2bo14OY83yL4FyHJBCIsy31HRAsEQ7xK0PL1wZJ3QGpp6g+DqmeFQD5qRb7wEX9XCebtytnxnumZzOw8dW1qR9XjmQtyIuC2Xy2lEGxWGzwv7Jz41qdmJTHFgITXx0RH11+cJCT5QGszclhInZCsDrS8VlQ1tuqy0Z0bbkBycVqGEGIV0NXovu1FfiYQs3zZFRsQGLY+GGZAUknaAAWxHBhqVJ8O5X2pyryduZW7jegsbAPSN6TfEwiKQpATcMo3a/ORQrAZEXzel+X7dzgd6TZgzOtjIs7XX3wGyUtAbDgiXEydkOI3V1q2XrxnbFm9ng50GXBjnldWgLxPT3wT5JSAfD3rgyYDktel9xcKy4FhmuT9nyAk+0DJ840v3xtyTKgNU9anr0WSQ5if5wfHJ5DZezQ92/UgyhtFXUMdJy+c4oMzH/JGzTbOXP4inO516QCoqT3C5kNb2HMy5LFrDBVBiT+7YkIojUM3oCQ97I9eEwfk8sT3xzb694AaoKS6lD9/XIY07pOeJh2vfvQa6w6UhJ3Dn1MR0tha9u10cHzCbQcfwKt4mTggl18P/JVtOp7s8wSDOg80Lf+3scyAzN6jQ247qlcGWX3H2aZDi9ZwscyAHu3u19Q+q984RvXKsEVHz3Y9Dc/bGJYZEO3VvsX77CPPMKSLsRtloeiIaWH0dnTjOPoXSkUozBw2g9539bZbimk42gCASE8E85PnEh8Xb7cUU3C8AQCxkbEsSVtEh5j2dksxHFcYANAhpj0LRxTRKsIh28gG4RoDALq16Uph0hxaeMw4NmQPrjIAoN/dfZn+6DSEsP1IkyG4zgCApG6JPD0gpJ9aHI8rDQAY2zuTnz5o3TdWs3CtAQC/fPhpUrun2C0jLFxtgEAwbfAUBnTsb7cU3TjOgI+//Iem9l7FS8HwfO5r080kRebiOAPy/QUc/+qEppiWES1ZNKKI77a6yxxRJuI4A65cv8Is32zOXjmrKa5dTDuWpC4iLirOJGXm4DgDAM7W1TLTN4fL17UdROsU24milHlEeRt7iNJ5ONIAgBP/OcHcXS/REGzQFPdA+17MHj4Tj3DHESXHGgDw4ZmDLH53KVJq2x8e1HkgkwY9a5IqY3G0AQBVJ95m9b7fa457vOeP+PlDPzNBkbE43gCArTXb2Hxoi+a4nB9kMbJHugmKjMMVBgCsef+P7Djm1xQjEExNmMzgeL3PeZuPawyQSH67ezn7Pz+gKU4RCvnDZvBghwdMUhYerjEAbhzcmldVxD/PH9MUF+mNZH7KPOLjOpukTD+uMgCgrqGOfH8BX1z+UlNcXGQsC1Lmm6RKP64zAOBc3TmmV87gwtULmuI6tg612Ip1uNIAgM8ufU6+v4Crgat2SwkL1xoAcLi2hqK3FxGUji4JdFtcbQDA3lP7WLVX+xc1p+B6AwDePPIWGw9usluGLpqEAQAl1aVsP+q+wolNxgCJZNmelew+ucduKZpoMgYAqFJlwTsvc+jsJ3ZLCZkmZQDAtcA15vjncvLCKbulhESTMwDgwrWLzPLP4Xz9V3ZLuSNN0gCA05dOM9tfQH1A1/PTlmGZAaEMRF1DnaE5j5w7SsHOeQTUgKY4o3XcDssMOFJ79I5tamqPGJ63+vQHLNu9UtNjr2boaAzLDAhlR0vPrlcoVB7bQUl1acjtzdJxKywzYM/Jvbz60WuN/n3jwU3sO/U30/JvPLiJlXtX33EqNFvHt7H0SXm4cWIhs/dovtf+xqOgh8/WsPnQFstedNvoNiR1S2JIl8F0iYsnLiqO+kC94TpCfVJeS62Il5DyeRNKCjcxZD1CLPVnVxSE0lpbtRTnFFt1KpqLhOsaRLvKDTsVAfulZIp/fMVfdcTqRCKSS0ZmCiGXAl109+NuTgtkYZuYuLV6L4oIexoxueS8UzGsFL5h87gJly44FUMvCzJ8oJJK0wYqKitADDK6b5uplsg8o69DMec/9euLdxYDd5uSwzpMvRDI1KkixKunnEoDyFfMvvLEkrn6NpevOZVtEiVvZ065tjOQOrB0MEYUj0yUQi4H+lmZVwOfCEVMsfJaREs3ZHzjt1cNPZEwQEA2YE19ytA4hyCvbUxsH6vvpLRtOnDI+tAA8hVxTS3w/cKn7aCpQdg+HyduSL/fq7JQSsZYnNqHqkz255YfsjjvN7DdgJukrE9PApYj6WtmHgmHEXLqzuzKcjPzhIpjNuX92RW7hh5P6G/i+nAeQZ5677U+Thl8cNA74H9JLE78jpfIGVKQB0SG2V0DiOJgRIv8qiffqDVCn5E40oCbpBan9pCKsiCM9cGnQt6unAptFUAsxNEG3CS1ZGSKilwGPBRSgKBGSKb5cireNFdZ+LjCAIDEXYle76cRuRIxH2isLMp5KVjSLjp2ednYsutW6tOLawy4yZCNj7eJuh54UQqm8PVtfAEQ6yJUMbs8t1xbmRWbcZ0BN0krTusVFGIZgEfKqZXjKw/bramZZppppplmtPBfF3sPBXFW2BYAAAAASUVORK5CYII=",
+  "url": "https://github.com/crowdsecurity/cs-nginx-bouncer",
+  "description": "CrowdSec bouncer for Nginx",
+  "stars": 5,
+  "downloads": 224,
+  "readme_content": "PHAgYWxpZ249ImNlbnRlciI+CjxpbWcgc3JjPSJodHRwczovL2dpdGh1Yi5jb20vY3Jvd2RzZWN1cml0eS9jcy1uZ2lueC1ib3VuY2VyL3Jhdy9tYWluL2RvY3MvYXNzZXRzL2Nyb3dkc2VjX25naW54LnBuZyIgYWx0PSJDcm93ZFNlYyIgdGl0bGU9IkNyb3dkU2VjIiB3aWR0aD0iMjgwIiBoZWlnaHQ9IjMwMCIgLz4KPC9wPgo8cCBhbGlnbj0iY2VudGVyIj4KPGltZyBzcmM9Imh0dHBzOi8vaW1nLnNoaWVsZHMuaW8vYmFkZ2UvYnVpbGQtcGFzcy1ncmVlbiI+CjxpbWcgc3JjPSJodHRwczovL2ltZy5zaGllbGRzLmlvL2JhZGdlL3Rlc3RzLXBhc3MtZ3JlZW4iPgo8L3A+CjxwIGFsaWduPSJjZW50ZXIiPgomI3gxRjREQTsgPGEgaHJlZj0iI2luc3RhbGxhdGlvbi8iPkRvY3VtZW50YXRpb248L2E+CiYjeDFGNEEwOyA8YSBocmVmPSJodHRwczovL2h1Yi5jcm93ZHNlYy5uZXQiPkh1YjwvYT4KJiMxMjgxNzI7IDxhIGhyZWY9Imh0dHBzOi8vZGlzY291cnNlLmNyb3dkc2VjLm5ldCI+RGlzY291cnNlIDwvYT4KPC9wPgoKCgojIENyb3dkU2VjIE5HSU5YIEJvdW5jZXIKCkEgbHVhIGJvdW5jZXIgZm9yIG5naW54LgoKIyMgSG93IGRvZXMgaXQgd29yayA/CgpUaGlzIGJvdW5jZXIgbGV2ZXJhZ2VzIG5naW54IGx1YSdzIEFQSSwgbmFtZWx5IGBhY2Nlc3NfYnlfbHVhX2ZpbGVgLgoKTmV3L3Vua25vd24gSVAgYXJlIGNoZWNrZWQgYWdhaW5zdCBjcm93ZHNlYyBBUEksIGFuZCBpZiByZXF1ZXN0IHNob3VsZCBiZSBibG9ja2VkLCBhICoqNDAzKiogaXMgcmV0dXJuZWQgdG8gdGhlIHVzZXIsIGFuZCBwdXQgaW4gY2FjaGUuCgpBdCB0aGUgYmFjaywgdGhpcyBib3VuY2VyIHVzZXMgW2Nyb3dkc2VjIGx1YSBsaWJdKGh0dHBzOi8vZ2l0aHViLmNvbS9jcm93ZHNlY3VyaXR5L2x1YS1jcy1ib3VuY2VyLykuCgojIEluc3RhbGxhdGlvbgoKIyMgSW5zdGFsbCBzY3JpcHQKCkRvd25sb2FkIHRoZSBsYXRlc3QgcmVsZWFzZSBbaGVyZV0oaHR0cHM6Ly9naXRodWIuY29tL2Nyb3dkc2VjdXJpdHkvY3MtbmdpbngtYm91bmNlci9yZWxlYXNlcykKCmBgYGJhc2gKdGFyIHh2emYgY3MtbmdpbngtYm91bmNlci50Z3oKY2QgY3MtbmdpbngtYm91bmNlci8Kc3VkbyAuL2luc3RhbGwuc2gKYGBgCgpJZiB5b3UgYXJlIG9uIGEgbW9uby1tYWNoaW5lIHNldHVwLCB0aGUgYGNzLW5naW54LWJvdW5jZXJgIGluc3RhbGwgc2NyaXB0IHdpbGwgcmVnaXN0ZXIgZGlyZWN0bHkgdG8gdGhlIGxvY2FsIGNyb3dkc2VjLCBzbyB5b3UncmUgZ29vZCB0byBnbyAhCgojIyBVcGdyYWRlIHNjcmlwdAoKIyMgVXBncmFkZQoKSWYgeW91IGFscmVhZHkgaGF2ZSBgY3MtbmdpbngtYm91bmNlcmAgaW5zdGFsbGVkLCBwbGVhc2UgZG93bmxvYWQgdGhlIFtsYXRlc3QgcmVsZWFzZV0oaHR0cHM6Ly9naXRodWIuY29tL2Nyb3dkc2VjdXJpdHkvY3MtbmdpbngtYm91bmNlci9yZWxlYXNlcykgYW5kIHJ1biB0aGUgZm9sbG93aW5nIGNvbW1hbmRzOgoKYGBgYmFzaAp0YXIgeHp2ZiBjcy1uZ2lueC1ib3VuY2VyLnRnegpjZCBjcy1uZ2lueC1ib3VuY2VyLXYqLwpzdWRvIC4vdXBncmFkZS5zaApzdWRvIHN5c3RlbWN0bCByZXN0YXJ0IG5naW54CmBgYAoKIyMgQ29uZmlndXJhdGlvbgoKSWYgeW91ciBuZ2lueCBib3VuY2VyIG5lZWRzIHRvIGNvbXVuaWNhdGUgd2l0aCBhIHJlbW90ZSBjcm93ZHNlYyBBUEksIHlvdSBjYW4gY29uZmlndXJlIEFQSSB1cmwgYW5kIGtleSBpbiBgL2V0Yy9jcm93ZHNlYy9jcy1uZ2lueC1ib3VuY2VyL2Nyb3dkc2VjLmNvbmZgOgoKYGBgbHVhCkFQSV9VUkw9aHR0cDovLzEyNy4wLjAuMTo4MDgwCkFQSV9LRVk9PEFQSSBLRVk+IC0tZ2VuZXJhdGVkIHdpdGggYGNzY2xpIGJvdW5jZXJzIGFkZCAtbiA8Ym91bmNlcl9uYW1lPgpMT0dfRklMRT0vdG1wL2x1YV9tb2QubG9nCkNBQ0hFX0VYUElSQVRJT049MQpDQUNIRV9TSVpFPTEwMDAKYGBgCgpUaGVuIHJlc3RhcnQgbmdpbng6CgpgYGBzaApzdWRvIHN5c3RlbWN0bCByZXN0YXJ0IG5naW54CmBgYAoKOndhcm5pbmc6IHRoZSBpbnN0YWxsYXRpb24gc2NyaXB0IHdpbGwgdGFrZSBjYXJlIG9mIGRlcGVuZGVuY2llcyBmb3IgRGViaWFuL1VidW50dQo8ZGV0YWlscz4KICA8c3VtbWFyeT5ub24tZGViaWFuIGJhc2VkIGRlcGVuZGVuY2llczwvc3VtbWFyeT4KCiAgLSBsaWJuZ2lueC1tb2QtaHR0cC1sdWEgOiBuZ2lueCBsdWEgc3VwcG9ydAogIC0gbHVhLXNlYyA6IGZvciBodHRwcyBjbGllbnQgcmVxdWVzdAo8L2RldGFpbHM+CgoKIyMgRnJvbSBzb3VyY2UKCiMjIyBSZXF1aXJlbWVudHMKClRoZSBmb2xsb3dpbmcgcGFja2FnZXMgYXJlIHJlcXVpcmVkIDoKCi0gbHVhCi0gbHVhLXNlYwotIGxpYm5naW54LW1vZC1odHRwLWx1YQoKIyMjIyBEZWJpYW4vVWJ1bnR1CgpgYGBiYXNoCnN1ZG8gYXB0LWdldCBpbnN0YWxsIGx1YTUuMyBsaWJuZ2lueC1tb2QtaHR0cC1sdWEgbHVhLXNlYwpgYGAKCkRvd25sb2FkIHRoZSBmb2xsb3dpbmcgMiByZXBvc2l0b3JpZXM6CgotIFtgbHVhLWNzLWJvdW5jZXJgXShodHRwczovL2dpdGh1Yi5jb20vY3Jvd2RzZWN1cml0eS9sdWEtY3MtYm91bmNlcik6CmBgYGJhc2gKZ2l0IGNsb25lIGh0dHBzOi8vZ2l0aHViLmNvbS9jcm93ZHNlY3VyaXR5L2x1YS1jcy1ib3VuY2VyLmdpdApgYGAKCi0gW2Bjcy1uZ2lueC1ib3VuY2VyYF0oaHR0cHM6Ly9naXRodWIuY29tL2Nyb3dkc2VjdXJpdHkvY3MtbmdpbngtYm91bmNlcikKYGBgYmFzaApnaXQgY2xvbmUgaHR0cHM6Ly9naXRodWIuY29tL2Nyb3dkc2VjdXJpdHkvY3MtbmdpbngtYm91bmNlci5naXQKYGBgCgojIyMgSW5zdGFsbGF0aW9uCgojIyMjIGx1YS1jcy1ib3VuY2VyCgpgYGBiYXNoCmNkIC4vbHVhLWNzLWJvdW5jZXIvCnN1ZG8gbWFrZSBpbnN0YWxsCmBgYAoKIyMjIyBjcy1uZ2lueC1ib3VuY2VyCgotIENvcHkgdGhlIGBjcy1uZ2lueC1ib3VuY2VyL25naW54L2Nyb3dkc2VjX25naW54LmNvbmZgIGludG8gYC9ldGMvbmdpbngvY29uZi5kL2Nyb3dkc2VjX25naW54LmNvbmZgOgpgYGBiYXNoCmNwIC4vY3MtbmdpbngtYm91bmNlci9uZ2lueC9jcm93ZHNlY19uZ2lueC5jb25mIC9ldGMvbmdpbngvY29uZi5kL2Nyb3dkc2VjX25naW54LmNvbmYKYGBgCi0gQ29weSB0aGUgYGNzLW5naW54LWJvdW5jZXIvbmdpbngvYWNjZXNzLmx1YWAgaW50byBgL3Vzci9sb2NhbC9sdWEvY3Jvd2RlYy9hY2Nlc3MubHVhYDoKYGBgYmFzaApjcCAuL2NzLW5naW54LWJvdW5jZXIvbmdpbngvYWNjZXNzLmx1YSAvdXNyL2xvY2FsL2x1YS9jcm93ZGVjL2FjY2Vzcy5sdWEKYGBgCgpDb25maWd1cmUgeW91ciBBUEkgdXJsIGFuZCBrZXkgaW4gYC9ldGMvY3Jvd2RzZWMvY3MtbmdpbngtYm91bmNlci9jcm93ZHNlYy5jb25mYDoKCmBgYGx1YQpBUElfVVJMPWh0dHA6Ly8xMjcuMC4wLjE6ODA4MApBUElfS0VZPTxBUEkgS0VZPiAtLWdlbmVyYXRlZCB3aXRoIGBjc2NsaSBib3VuY2VycyBhZGQgLW4gPGJvdW5jZXJfbmFtZT4KTE9HX0ZJTEU9L3RtcC9sdWFfbW9kLmxvZwpDQUNIRV9FWFBJUkFUSU9OPTEKQ0FDSEVfU0laRT0xMDAwCmBgYAoKWW91IGNhbiBub3cgcmVzdGFydCB5b3VyIG5naW54IHNlcnZlcjoKYGBgYmFzaApzeXN0ZW1jdGwgcmVzdGFydCBuZ2lueApgYGAKCgojIENvbmZpZ3VyYXRpb24KClRoZSBjb25maWd1cmF0aW9uIGZpbGUgbG9hZGVkIGJ5IG5naW54IGlzIGAvZXRjL25naW54L2NvbmYuZC9jcm93ZHNlY19uZ2lueC5jb25mYCwgYnV0IHlvdSBzaG91bGRuJ3QgaGF2ZSB0byBlZGl0IGl0LCB0aGUgcmVsZXZhbnQgY29uZmlndXJhdGlvbiBmaWxlIGJlaW5nIGAvZXRjL2Nyb3dkc2VjL2NzLW5naW54LWJvdW5jZXIvY3Jvd2RzZWMuY29uZmAgOgoKYGBgYmFzaApBUElfVVJMPWh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCAgICAgICAgICAgICAgICAgPC0tIHRoZSBBUEkgdXJsCkFQSV9LRVk9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8LS0gdGhlIEFQSSBLZXkgZ2VuZXJhdGVkIHdpdGggYGNzY2xpIGJvdW5jZXJzIGFkZCAtbiA8Ym91bmNlcl9uYW1lPmAgCkxPR19GSUxFPS90bXAvbHVhX21vZC5sb2cgICAgICAgICAgICAgICAgICAgICA8LS0gcGF0aCB0byBsb2cgZmlsZQpDQUNIRV9FWFBJUkFUSU9OPTEgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC0tIGluIHNlY29uZHMgOiBob3cgb2Z0ZW4gaXMgdGhlIHllcy9ubyBkZWNpc2lvbnMgZm9yIGFuIElQIHJlZnJlc2hlZApDQUNIRV9TSVpFPTEwMDAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC0tIGNhY2hlIHNpemUgOiBob3cgbWFueSBzaW11bGF0ZW5vdXMgZW50cmllcyBhcmUga2VwdCBpbiAKYGBgCgojIEhvdyBpdCB3b3JrcwoKIC0gZGVwbG95cyBgL2V0Yy9uZ2lueC9jb25mLmQvY3Jvd2RzZWNfbmdpbnguY29uZmAgd2l0aCBgYWNjZXNzX2J5X2x1YWAgZGlyZWN0aXZlCiAtIGRlcGxveXMgYC91c3IvbG9jYWwvbHVhL2Nyb3dkc2VjL2FjY2Vzcy5sdWFgIHdpdGggdGhlIGx1YSBjb2RlIGNoZWNraW5nIGluY29taW5nIElQcyBhZ2FpbnN0IGNyb3dkc2VjIEFQSQoKIyBUZXN0aW5nCgpXaGVuIHlvdXIgSVAgaXMgYmxvY2tlZCwgYW55IHJlcXVlc3Qgc2hvdWxkIGxlYWQgdG8gYSBgNDAzYCBodHRwIHJlc3BvbnNlLgo=",
+  "version": "v0.0.4",
+  "download_url": "https://github.com/crowdsecurity/cs-nginx-bouncer/releases/tag/v0.0.4",
+  "asset_url": "https://github.com/crowdsecurity/cs-nginx-bouncer/releases/download/v0.0.4/cs-nginx-bouncer.tgz",
+  "status": "stable"
+ },
+ {
+  "name": "cs-wordpress-bouncer",
+  "author": "crowdsecurity",
+  "logo": "iVBORw0KGgoAAAANSUhEUgAAAGAAAABgCAYAAADimHc4AAAABmJLR0QA/wD/AP+gvaeTAAAYRklEQVR4nO1dd3hUVdr/TabX9N4IJCGYkJAECF2T0KSoGLDifrqAfDYQRNT1cZfdz3VXmiiK4u6KIr0LCkozVCEBAmlASMiENNInkymZ/v2RZJhzp9w7KeDzbH5/zT33zHvOPe8973nbORfoRz/60Y9+9KMf/ehHP/rx3wbWg+6AKyQv/yEkKlA802gyjVS1G+Nb1LqINq1BqjOYuEqtgaPVGz0AQMjjmGVCrpHPZRukQm6bj4hfIRZyijlsdk55nfpQ3srHax70szjD74oBics2i2OCQxYqtfpZ5fVtSbfrlVKLpWc0WSxgUKCsbYC/9JpUyN2bU9WyseqTp7S90+Oe43fBgNlrjs9QqHXvXpY3jlKo9ey+bEsq5JqTInyuS4Xc1Yffm/odwOohi3uGB8aAAS9uEiQlhK7Ou904r7JJLXgQfQj3lWiTB/j8u6jS9Hbp+mm6B9GH+86AxGWbxQMCAjdcLG14tr5Vy3VVl+3BQlKkL4YN8EFMsCcGB3shKkAKqZALLxEPYj4HAKDWGaHQ6NGmNeB2vRIlta0oqWnFVXkTrlU0w0wjxwI9hYYRMQFbatS61y+vmKnpvaelx31lwKw1xxddKq1fWdWs5jurE+Itwuy0KGQMDcGEuGB4iXk9arNFrcOp4rs4WViNvRflqFU4H99wX4lubFzAu9sXZa7rUaNu4L4wIGvtyfiqJuWhnNKGKEf3BVw2stKi8MKEGGQmhIDt0TfdMpktOJpfha1nSrE3Rw6dweSwXlq0f1mwn3jm/iWTrvdJR2zQ5wyYtebo0uyi2lUKtd6Dek/M52Be+mC8/VgiQn3Efd0VAvVKLTYcvY51PxVAqTXY3ZcKueb0hJAPflg2+aO+7EefMSD6jcP8CH/LL9nFNQ9TRTCH7YFFU+Px3hPD4Ct1Ko0AADUtGlyr6JDlV+VNkDe0oVWjh0KtR6tGD5PZAomAC5mQCz+ZADFBnogOkiEp0gfj4oIQ6Cl0Sb9B2Y6/78vDhmPXYTSZiXssFjAtOfw3k9CcfmRR3yzSfcKAaSt/CrpT315QVNnsR703Li4IX/xxDIZG+Dj9/5XyRvyQW4H9uXIUVrb0qC9xIV6YlhyOp0YPxMhof6f1rsqb8Po353G+pM7uXmKkT0Okp+fQg+9PtL/ZQ/Q6A2asPBpzo6rlSlmdUmJbzueysfL5kXh9SjxYDlrV6IzYdKoEnx4uROldZW93CwAwKFCGVyYPwfyMOMiE9gqYxQKsO1KI97blQG8kZ0N0oEyVEuubuvP1iSW92adeZcAz606mnb1x93R1i5pQXQYFyrBjcQZSB9pNCLRq9Fj7YwG+PHYdjW3tvdkdp5AJuXh18kN45/EkeIrstayc0gY88+lJyBvaiPIwH7F+/JDA8dsWZeb0Vl96jQFz1p0c/NuNu/nUwc+ID8HetybaPajFAmw9W4rlWy/iruLBeAb8ZQL8dU4qFmTG2WleLWodnlxzHKeKa4nyMB+x/uGhQYlbXs242Rt96BUGPPrRYf+yelXZrdpWqW35EyMisW1RBgRc0rtw624rXv76rN3DPSiMHRyI7157BAMDiO5DZzDhD19kY/eFcqJ8UKBUHRsmjT68fPrdnrbdYwZEv3GYL+JrqwooC+689MH4asE4uzfrh0sVeHHDKbRq9D1tulchEXDx+R/H4A8TYohyk9mCl78+g03ZpOhPjPCpN4pN4UUrnurRg9jp5u5iQIDlGHXwnxgRaTf4JrMF7+/IxZNrjv3uBh8AVO0GvLjhFN7dlkO4LtgeLPxr4XjMGUXakPl3mgNCOZIjPW23RwyY88nxpSeLasbblqXHB2P7ogxi8I0mM/7wRTb+ceAaeupe7isIuGzMGRWFAE8hbtWSWpgHi4XvX0/HpKGhRPnxwuqM2Z8cX96TdrstgrLWnow/UVCZ36q5Z+FGB8mQ+9ETxIJrNJkx9/Ns7Prtdk/62aeYmRqBL+aNRRiNNa5Q65H63n6U19/TjrwlPHP6kKD4vcum3OhO292eAVVNykO2g8/nsrFjcQYx+GaLBc+v//V3Pfj/83AMDiybTDv4AOAl5mHnm5ngce4NW4tK71GjaD/Y3fa7xYCstccXUx1rq19IQ0oUqef/bc8VOw3i94ToIBm+mj/OoWHoDMMH+uHj50cSZRdu1cc8ve7kq93pg9sMSFy2WZxzq/5j27IJQ4Lw6qSHiHo/XKrAh/uudqdP9w1vTksAn+t+AG7R1ASMHRxIlF0oqVszesku144nB+C4+4fIwKAvCy5VWD1oHLYHPntpDPEWmS0W5JTWY/Gj8eBx2JCJeGB7sOAl5oHL9oC3mA8vMQ9SARc/X6vCBzsvEW2MiQ3EB1nJMFssUKj1UGj0UGr10BnM0OqMUOsMVlcBiwV4ifjgcjwgFnAg4LLhJeqgL+ZzcKKgBh8fvObwWcYODnL38a1tfjl/HFLf3Q9DpwPvTpNKkDQ8cj2A+W7RcqfygBc3CbQ8rtI2krVsxlCsnJvmDhkCJrMFgrnfwGS+px7tWpKJ2WkOQwduw2gyQzB3k8Oo2LWVT7p0CtJh6eYLWHe40Hod7CXSi3jeMnfCm26JoKT4sDW2gy8RcLH88SR3SADocEM0KNtRXKXABzsvEYMPAJtP3cKNGgU0OqPbtLugN5pR3azG6h8LnIYky+raHJYzxfuzkiER3HPq1So0vIRIzscu/mIHN0SQhZVXvv2PtiWvTh4CP6l78fQFG8/g21MldoNuix+v3MGPV+4A6GDyAH8Jcj56ws6l4QhvfHMeW8+VQqGmN/ZOFFTjiRGRzDuPDvdE17rhK+Vj4cQ4rPmxwHo/r7zpZcCyhGm2BeMZ8NjHR5+zzV4QcNlYPC2Bec87kTk0xOXgU6FqN6CwsgU/dTKEDiNjAhgNPgBsO1cGrd69WbYvR05cvzUjEULevff4TqNKOHvtiaeZ0mPMAKXWsMz2+ukxAxHsJWL6dytmpkZCxHd77ce2s2WM6j0xPJLRTAE6PJ7rfy52qx/fn74FtY1oDPIS4smRA4g6zar2ZWAIRgwIW7JLmFfRmGhbNnc86bT6/kyp0yC3LcR8DqYmhTHtnxWHr1aiWUW/tkmFXExOZE7/nz9cdSsOYTJb8M2vpCd67vho4vrS7cbkkJc3Mno7GTEgLcznFaXGYK0b7itGenwwUWfNoXyr3KbD7FHuazg6gwl7LjIz6tyhr1Dr8e429+IrG46Ss2bi0FCEeN8b7zatwWNU7MB5TGgxYoBSq59lez1n1EB42Cj+uWUNyL/TjC1nSpmQw4yUCEJuMsVWhvQfc0MMAcCm7BKcvcHMta/SGXCzphUFd5qtZWwPlp3arNIZspjQY8SA8vo2QtfMSAgh7u/pdDccuVrJaDpLBFw8Osx9MXT25l27MKEjyIRcTHFDzFkswBubzttlRThCi6pjgd9LmY3plDGR17clM2mblgGj3z8UerteaQ0VcdgeGBdHWpDHCqoBdOjeOxk63rojhiyWDs2lL+hfq2jG1ydcOzRNZgvKO1+AvRflxL2HhwQTLviyujbZiLd/ojW1aRkQ7COcYWvHpEb5ERkF9UotrlU0Wa+3nGYmJmamRlpzO90BYzGUGum2mPvrnisOk7S6UNGosioaRVUtqGu9F8v2EvMIZ6TZYkFoAGc6XZu0DDCYzYSfISmSNN3P3qgjgiwXS+txs6aVjizEfI5bYqIL16sVuFLeSFtPKuRiSlIobT1bNCjb8dUx59mIV+VNxPW1imbiOpHi1rCwWKPo2qRlgKbdEG97HRviSdwvrrJPnNp6ltlb2h0xBDC3CWaPGug27e9OOU/7yS4iN9rkyckXgTo2aq2RGDtHoGVAs0oXTjQSTDZyo1ph958tZ0oZhR67qw1tP1fGyJqemRLhljYEdMywPMqb3oVsShbH1XKy3mAKA5pV7bR+DloGKDV6IlcjipK6UVJrL27kDW04fZ0+5aS72lCtQoMThfTbvqRCLqZ2g/65m/YZiBWNKhRRZntlk5q4jvInx0apNZAFDkDLAK3eROTwUROsnFmnfS+GmNGf0w0xVOFA1d12tsxuVreoyWenjo1Wb3S5AQVgsgbojYSMkApImm3tjrWG3RfKGTm6uiuGDuTKaXe+dJe+2oEbfOd5+3WH6vSTUvJNNXoTbcP0DNAZiTpU1bHNidrWqtHj4GV614REwMW05HDaelQkhPsQ1rgzSIVct31PnkLyTS6sbEH+nWa7etQZQH05NToj7QLU48QsV4vhltO3GNHojhhy5z9zRrtH309Gxjgcvf2A62dnCloGiPgcwj6nTk8BzzmTf8mvZpR4OzMlwi2jjMWCnQvYJX03jb74cG/i2pl1L6Q8O1Uci/gcWvcwPQN4HGLEqY3IhM430RlNZuz8jV5nF/E5mDqMuRgaHROICD+JtQ06uGv02RqbuWUNTvcrUJ+dakWLeGzaRZDJDCCoUvM6Q31cu72Zeki7K1L+tjevV+lHBUiJQNMOF74n6r42JWVshDyOc79GJ2gZIBVyCZ3MNi0PAG1G2eXbjXb6syNMTw5nFCljsYCsTtevUmvA6kP5di4BR5iREsGIvu2CbbZYXCaWRfiRz15OUV9llLFzBFoG+Ir5hCpD9fPEh5Hy0hGYOOg6jDJ6MTQ6JtDK9AO5crQbTNhyhn6xZ0p/io3hdvZGHaqa1U7rplB2/NyoJsfGV8KX07VHL4IEnCLba6rlOzSSPq9m69lSRjo7EzFhW2fn+Y7FcdtZZq4JOvpeYh4RztzhRPvpwvCB5Ka/klrSLSPkcwpBA1oGcNhsIl5n63oGOrLY6FDVrLbzozgCnTZkq/00trXjeGccolahsf7uCf2skVFW35HRZMY+is+f2pdUSi5sPkUUerBAG+ukZUBFU+tBW4PnSnkTsRCHeIsQF+JFRwbfM7AJ6LQhW+1nX47cmhboDn1XYujZcYOsv48X1qBe6VyFHhLqRRyjoFDrCSeeB4uF0qr2H+n6RMuAyx9l1Q4MlFoXE6PJjDOU+CkTS3ZfjtyhiU+FKzFBih9SPBy4VOHUKmdC30fCxwSbSJ8z48tKhxIDzi6uJcTgoCBZa+Gnj9PuK2ZkCUf5SYg05xMFpCeSiexu0xpwIFdOW8+ZmLAVP7UKDU5fJ18Cjc5olzTlCDOc0J+WHA4Ou2M42g0mHMitcEnnqdGDiOuThaQIjPKTMNKPGTFAIuLts73ec7Gc4HZadABigjzt/kcFE5vAmRiyFT+7frvtcNFlKoYczdjpKRHW30euVrrcx5Y8wBcPhd0TuyazxS5GLBJy9tB2BgwZkFPVslEm4loFbnWzGidtokMsFrBwUhwtneMF1ahpoT+Ox9GMsi1ztuMmu7jWzkfvmD7pouayPTDFRvvp0q6c4QXKTspjBdXEMTieIp45r6D6P7QdAUMGVH3ylDZ5gC+RZE91tL30SKzD7f+2MJkt2M4gq4FqNLFY9xggb2jDhVv1Dv9ntlgYxSGmJ4cTYmh8XJB1QVW1G1wmmAXIhFiQSb5s1LFIifK7LP/2JUbpdoy9oVIhf5Xt9e4L5cTb7C3mY9Gj9Mm6rmKuXRBTtJUxsfeMrx3nb7sMdzIxykR8DiFyZqTe+30gt8JlWvyyxxIJ5t1VaLGfsl54irmrqP9zBsYMOLR80o5wX4lVL2s3mLDupwKizpLpCbTp6oWVLYxcB7YiJyuNXvx0obhKgcu36bMmbOnPsGGGK/oBMiFemTSEKFt9KJ8IPEX4SbT735rESP4DbsUDWJbkgb7f2JZ8eew6GpT3Zpq3mI8PnxlOS4nJW9olhmx9Pzc7z4Gjp08vhqYN6xBDQ0K9EB0kA9ARXj2aX+X0Px8+M5x4+5vadHbJXMkD/Da6cxKjWwGZH07ceCvQU2hVttU6I/55gNyINz9jsN0GNiqYuA7EfA6mDQvH6JhAhPt2iR9m6Sjbz5XRuqlFfA5mpEQQb/++HLndMTVdeHRYOOalDybK/m/vFahs3PPBXiL9LXXLO4w62Qn3ImJHFulGxvhvsy1a/0sxIVI8WCxsfu0Ru/ioLZhmNcweFUW4npnuN65XavFLPr1rYvaoKMy0kf/OXM9eYh6+WkBuZy2404wNlCSu4YP8vnX37Ai3Q5LVav2rYT5iq9wxmsx4/ZtzxMIYFSDFl/PHuaTDRGefnhJhtTivyptw3UEOkjMwCYdOSw7H6E5f1l2FFqccpNKwWMCGeWOtsxDo0Lb+999niVkW4SfR5hfXLGbcwU64zYDLK2Zq0mL9ifMRzt2sw2c/k46/58YOwtLpQ53SOZArp3UdiPkca9DD3d32By/foT0URMjjWBNqd19wbNz9OSsFz4whrd51hwvxWwmpCqfFBixlqnraoltB+T1LJq1Pi/Yn5uvyLTl2nVo5dySeGu04L0fN0HUAdGRF76AxjqjQ6o2MN3QAjteXeemD8ZfZKURZblkD/rQ9lygbExtQsmtx5ldudbAT3c6KCPYTz/QS86xz0GAyY+7nvxK5Mh4sFr579WGnzjom2hDQkfDLZF+APX1m4dCKRpWdcTcjJQJfzh9LlLWodXh63UliofYW800hvtLH3O5cJ7rNgP1LJl3PHBr2lu3CVF7fhllrjqHdZq8Yn8vGvrcmOdx4/WsRM9cBnWvAGU5fr2XEuJ0U4+6lR2Kx962JVucc0GH3zFp9jKDHYgGZicHv7X6z+8eX9SgvaM+SzHWZ8aGnbMtOFdfimXUniQWKx/HAzjcz8WfKdDZbLNh2zvVbarZY3BIltug4l45edd1u04d3HkvCvxdOANdm8E1mC174PNvOAzspIez47jcnMbZ6HaHHiVk1JtXkxEifBtuyg5crsPBfZ4lFjcUCVsxOsVNR6bSh09fvotpFXJYOdGLuRo0C1yqa4SXmYesb6fjHcyMIddNktmDBxjN2W5KSIn3rGu/cmdbtjnWixwwoWvGUPiLA56HYYE9irm/KLsHstcft8kPnjo/G5X/MsoYy6VwHdIEROtysacXFUsfOO6BjcZ+SFIb8VVl4diyp7egMJjz32Ul8S/FfDQqUqSI8ZUmXv15IHwGiQa98LKHk6HeaR55dsEepNr7cpjVYbfWbNa04f7MOjw8fQGTQ+Uj4ePGRWAR7i3HhVh0AlsM0coPJjPkbz0Dj5m52KgQctlNFwGLpOPPBUdb3zJW/4MhV0jUR5iPWjRgUlLT/nczKHnWqEz2eAV3Yu3jyrQlDAieE+YgJ5Tu7uBap7+1HbhkhpeDBYmHhxDiUfvo0BgZKHXo4TxTW9Mphrjt/u+3UxZAeH2x3YNPF0nqkvrvfTuaH+Yh1YwYHjN+9NJ2ZesUAvfq5kIIjm6sfeW7BDrMJLzWrdNYzhRRqPTafvgWJgIu06ADigQVctl1ZF/6+P4+R55QOGr0RKVF+iAt1nTxgtliw9qdCzF2fjWZK5nNssKdqVEzwsB1vZhQ4+Xu30GszoAsHl04tTQjziqYuzHqjGUs3X8D4vxxiNKgWi+PdN+4iPswb7z6ehJhgmct6efImjPvzIby95SKRbQF0LLixYf5R2xY/zMxwcQN9dnx9/IpdvBC2+MiJopoMR8fXvzb5Ibz/5DDa+EFdqxbnS+pwraIZxZUtqGpWo7JJDY3OiFaNHh4eLEgFXEiFXIR4ixAVIEV0oAzDB/kjLcYfATL64+s/3JeHDUeL7VwRLBYwLSniVG25fFJvLLiO0OcfcHjusxOvHMuvWd/Y1m4n7h70Bxw++bEQ638pchgB85HwzZMTw97evjhjbV/24/58wmT1L3E1Le2HLpTWRzu63/UJk+fHR2PS0NAH/gmT0bEBJaG+0sd6YuEyxX39iE/WmmOv5JY1rHX12apgLxGy0gYgIyEUDz8UBG+x6y9s0KFZpcOp67U4WVCDvTnlLjeMRPpJ2sc9FPT2ltfSP+9Ro27gvn/GKnXFIVGoiLc+t7Rh7t1WrctPJDn6jNXAQCkkAi68xTzreW2qdgNa1N3/jFWwl0g/PNrvu/yimkXdcSn3BA/sQ27RbxzmJ0RyV1253Ti/sknl9nmbvYEIP4k2Ocr36wMXFcuxu2enoHcXv4tPGT656th0pVb/3hV506gWte6+fMpQLOCu+vlPUzf/137K0BHCluwSjgjzWaDS6J+UN7Yl365rkzHZV+AKHiwWBgVKlZH+0isSIWdPXkH1f+63mHGF3xUDqIh/e1dQdKDXDABpKo0+vkWtj2xrN0i1OiNXpTNyu/Ywi/gcs4TPMQj5HINUwG3zkQgqxAJ2IZvFyimp1B5ikqXcj370ox/96Ec/+tGPfvSjH/cL/w/RdOpfEcCqbwAAAABJRU5ErkJggg==",
+  "url": "https://github.com/crowdsecurity/cs-wordpress-bouncer",
+  "description": "CrowdSec is an open-source cyber security tool. This plugin blocks detected attackers or display them a captcha to check they are not bots.",
+  "stars": 8,
+  "downloads": 16,
+  "readme_content": "IyBDcm93ZFNlYyBXb3JkUHJlc3MgQm91bmNlcgoKIVtDcm93ZFNlYyBXb3JkUHJlc3MgQm91bmNlcl0oLndvcmRwcmVzcy1vcmcvYmFubmVyLTE1NDR4NTAwLnBuZyAiQ3Jvd2RTZWMgV29yZFByZXNzIEJvdW5jZXIiKQoKIyBIb3cgdG8gaW5zdGFsbCB0aGlzIHBsdWdpbiBpbiBXb3JkUHJlc3MKCgotIEdvIHRvIFdvcmRQcmVzcyBiYWNrZW5kCi0gR28gdG8gJ1BsdWdpbnMnIC0+ICdBZGQgTmV3JwotIFNlYXJjaCAiY3Jvd2RzZWMiCi0gTm93IHlvdSBjYW4gYWN0aXZhdGUgaXQgYW5kIHNlZSBhIG5ldyBtZW51IG5hbWVkICJDcm93ZFNlYyIKCiMgV29yZFByZXNzIE1hcmtldHBsYWNlCgpZb3UgY2FuIGZpbmQgdGhpcyBwbHVnaW4gb24gdGhlIFtXb3JkUHJlc3MgUGx1Z2lucyBNYXJrZXRwbGFjZV0oaHR0cHM6Ly93b3JkcHJlc3Mub3JnL3BsdWdpbnMvY3Jvd2RzZWMvKS4KCiMgRkFRCgpMb29rIGF0IHRoZSBbRkFRIG9mIHRoaXMgcGx1Z2luXShkb2NzL2ZhcS5tZCkuCgojIyBEZXZlbG9wZXIgcmVzb3VyY2VzCgotIEluc3RhbGwgV29yZFByZXNzIGFuZCB0aGUgQ3Jvd2RTZWMgcGx1Z2luIGxvY2FsbHkgd2l0aCBkb2NrZXItY29tcG9zZQoKTG9vayBhdCB0aGUgW0luc3RhbGxhdGlvbiBndWlkZV0oZG9jcy9pbnN0YWxsLXdpdGgtZG9ja2VyLWNvbXBvc2UubWQpLgotICBEZW1vIGd1aWRlCgpGb2xsb3cgdGhlIFtEZW1vIEd1aWRlXShkb2NzL2Z1bGwtZ3VpZGUubWQpIHRvIGRpc2NvdmVyIHRoZSBtYWluIGZlYXR1cmVzIHRoaXMgcGx1Z2luIGlzIGNhcGFibGUgb2YuCgotICBIb3cgdG8gY29udHJpYnV0ZT8KCkxvb2sgYXQgdGhlIFtDb250cmlidXRvciBndWlkZV0oZG9jcy9jb250cmlidXRlLm1kKS4KCiMgTUlUIExpY2VuY2UKCltNSVQgTGljZW5zZV0oaHR0cHM6Ly9naXRodWIuY29tL2Nyb3dkc2VjdXJpdHkvcGhwLWNzLWJvdW5jZXIvYmxvYi9tYWluL0xJQ0VOU0UpCg==",
+  "version": "v0.6.0",
+  "download_url": "https://github.com/crowdsecurity/cs-wordpress-bouncer/releases/tag/v0.6.0",
+  "asset_url": "https://github.com/crowdsecurity/cs-wordpress-bouncer/releases/download/v0.6.0/crowdsec.zip",
+  "status": "stable"
+ },
+ {
+  "name": "cs-firewall-bouncer",
+  "author": "crowdsecurity",
+  "logo": "iVBORw0KGgoAAAANSUhEUgAAAGAAAABgCAYAAADimHc4AAAABmJLR0QA/wD/AP+gvaeTAAAO10lEQVR4nO2deXRUVZ7HP/fVmlRCErJvQkhCEkJCQgFhTQBlCaI20CAgyKBGzWjPONMObqg96sHpFnV6tM/x2GL3uHGOM+fQC3bjQhM2lQ4DjRA3BLUhUAkkgYQkVamqd+ePkJCQKrLUq0p5Tn3+eq/evb/7e+/73l1/7xWECBEiRIgQIUKECBEiRIgQIUIEDDHcDviC1Wo1NBGWrFcceqeitH574EDdcPs0WH5wAoyxzrxOrzrvRIhyYCKg63G4ScBfpGTL14c/3QHI4fFy4PxgBBhrtcahGjYjWA0YBpDlC6R8NiUqbGtVVZXL3/4NlR+EADnWkjlSFVsRJA4h+z5VGpZ+c3jvOc0d04CgFyBn0owcqboPAFE+mDlqcJin19RUXdLKL61QhtuB/pBu9xZ8u/gABU6zfaMW/mhNUD8BuRNLrCrioEbmOoSiK/zq4P6vNLKnCUH9BKhCLNfQnFGq6mMa2tOEoBYAlYnaGpTLRxfNjtbWpm8EtwBCjNfYotmo2BdobNMnglsAZMxgUkdHRzEqPR0hvDdtEjnfZ7c0RD/cDnhj9OzZZprt5q79/LxckhIT2Lv/UzqcHb3SCiG4/54KVixbgk5ROP7NSR564klsdfV97ArEZP97P3CC9glQWlpMXduL5s/j1Zf+k6cff4znn30avb73fXPjgvmsWr4MndJ5OtlZY/j3xx7xZjrLXz4PhaAVQI2MdACYTSZ+Unk3NpuNkydPYC0uYm5Zaa+0t69eCcDB6moOVlcDUJA/juIJhZ5Mmwii8w4aR67mu6qqDoD8cXlERkRw953rWbNqJcePH2fmtJLudJGREaSlpvD2m29QeU8FlfdU8M7bb9GZN9eDZdkMqIE4h4EQtALQeZE64uPisNls2Gw2nE4n2//wexIS4rsTxcaMBOi+6ABbL293HeuNaPGn04MlmAUAaLx48SIjRoxAuVy/nz9/nsbGpu4Etvp6pJRcunRlmqelpfMan7X1XR4QQTZFHdwCCNHwxVdfYzAamFVaRphJclvZOUoN93L0uSPseqKGX66toeHYc5TOKO7ONqVkKlJKDh463MekhLTCwkJLIE/jWuj6TzJ8xCan3mp3OEaZzWb+9Y4Z3DdzG/G6w3x7qpX0BAgzuqk/105RwieUT/iO4vEJxCUXcs8/P8n+T6vZ9sftnswKF6bfNdhOnQn0+XgiaMcBnYgGgPPHnid2XC16nYs2vaAou/OoXgejkwWqBIU2yrK+pCzrSxyndnLkhIUYSyJNrX3vMSFkIVAdyDPxRpBXQTTeNbeOTSu/R690LmqFm0HX45omxQqUHgPfCy2SP1Y1s2C8jefWfOfFsJzrN58HSVALICUNyyfX0eHsP62jA7btVnn5f90UZQsiLb2F6WVXsGD27NlB8fQHtQAKNNjdRv70scppLwuKHU748K8qz73tIjYKHl2nJyu988pbkq/3Zjq2ttmx0C9OD5KguAu8oUraH383ndf/8TQ7D1zivX2SjBSB2QhuCd+dgbMNkmkFgg1r9Rh7nI0zYhYJWc8QHlZBW3u7B+uyAvDYSgeS4O4FpaQtq79onGFKX8NtpU2MS2ugqUWiqhBuEhTlKCyappCRItBdfpZdYQW0pj5LW/JG9AYLp2vP8PU3J/rYFjA2LinlvQZb7bD2hoK6ChJC3Ajg1qVyMXMbptgiphcolBYrTMkXpMVD18yzakjh0nWvcDH7IzqibqJrtbV8/g1ezatCPOP/s7g2QStA9qSSeUiZD2CJCEfqYmge8zvssXeiGpJB6EDocJvzaE3ZxIWcAziil3L1MndRYQEpyUkeyxCIBbmTps7297lci6AUID8/3yhU8XzXflJiZziQVMJpTX2WprwjNBScpaHgLBfG7sYedxdSMXm0JYSgfP48r2W5VV5NsVrDNT6FAROUAnSYIp8GCgAURSFv7Fif7N1UvhCdznNzJyA7UjU861MBPhB0AuRMnLpCwL917ReMG0d0tG9hQQnxcUyfWuL1uBTcP1xVUVAJkF00vQj4DT0q8iU336iJ7R8tLr/WYUVVeaOgYOag1qC1IGgEyMoqNwmdfEtCd30cHR3FnFmzNLFfMmkSyUnXDC1Ndxhcr2lS2CAIGgGUqKZNXb2eLpYvuQWDcSCB0AOwrygsLu938Ls0p3jaHZoUOECCQoCxE6fMQvJAz99iR8ay6sfLNC3n5kULvDbGXUihPp9RUjKUKOwhEQwCKKC8xFW+VKxfi9ls9pJlaMSOjGVOaX9Vmog2uPiFpgVfg2EXYKx16lpgQs/fiicUsnihfwLY1t22EiEElvBw8nK9dG+lWJtdPL3U80FtGVYB0qZNCwO6pgNcAJbwcDZueLB7DVhrMjMymDV9Gq1tbdjq6ln546UYDcarkwmE+iuWL/f7XNmwCmBxcA+SNIDkxISLAA/cX9lfb8Vnbl22BICmpgvs/fgTNj70UwyG3hPDAsbnnDi10q+OMIwCZGWVmyTyQYDw8LCPJIzMGZvNomtMG2hFUWEBo9LTAag9c5bqQ4d54L7KPukkPIqfr9GwCaCMaFwHpAJy3epVJltdvVi3euU1A2u1QgjBTYuutDHv7fiAycXFTBjfJxh7XJa1xOt0qhYMlwAKiA0A4WFhHztdzhkjY2KYOW1qwBwoyL8y5FBVlT9/uJNVK/p2exUp7vWnH8MiQO7EafOATIB/ua/SUX3wsLJw3g19gm79SdaYMb0a+qOf11Ay2dod4NuDxf58qWNYBFCRd17erL/++jk5X359nIXzvK7f+oWwMDNpqSnd+42NFzAZTSSnJF+d1GDQORb5y4+AC5BVPCseuAVAp1N22Wz1SRaLhcyM0YF2hTGjR3Vv6/WdPc5wD4M/IfHbAn7ABRDCtRQwAsTHxZ+qq6vTFRXmB6TxvZoRkSO6t1Mv3/kdnmJghNbvql0h4AIoyO5+5qhRaUKVKlmZmYF2A4CIiIjubWtxEVJK6s95iH+RMtdqtWozK3gVgRVg+XKdlMzp2o2LjY2Oi43lurS0gLrRRUREZ4yu2WRi3ty5nDpd6yWEBV1HR1iEpwO+EtC4oNyTp8epgu6gfZfLPSo7cwxxIz3F8fufyMsC3LhwPpERFnbt3uM1bbte+OVaBfQJcKH26mKcPPntOICYmOF5dVcIQXR0FBXr1wHwyV+9xus2f3N473l/+BDQJ+Du0jpHTrrdmRjlNLy9P573/3YyZceHH7Fwnl8Hm15pbrnEkw8/xIjISBqbGtn/6QFvSY/hpxc7AiaA3GXMRTn7Dpe/9TMl8xJPR6SxafOLmM1mZs+aGShXurllUTmWCAvfnz7Du9u24XZ7fnVMIPf7y4eAhCbKg4Tj1H+IoLu7IwSU5jXzbZ2BX//PYdJSU/0+FhDuC0SdXIql9hH09s/Y800Sz7z0Gjuq9nH2fBPR8fFEREWjSjcddjsAYUYVo0E+ajt15nt/+BSYJ6DN+DKC/Kt/FgKeWnGamtPh/GzTf3C2ro7bV93qNzfMDb9F39b58RXjxfdIb6vD7sjrPi4l6AxGYpPSKC84/+36GcfDxiTYE4WQv6CU6UJo/3al3xthWWXcgBTrvR0PN7l54fbv0Skqr7z2OpueewGXyz9fGDO09q5JrAmH0Ov6XtO8hPM8teRYRmaiPUkIBIgSdpu0iY+5Cr8IIP+ESVaZZ8kq45sI8fP+0ueltlExt/ONxu073ucnDz5MY1NTP7kGj3C39trXKSqq2nsEPsLUwcPX70URV7W5gjLNHUJDAeReYuQe4+Nyj2kvFlMzQu5BiDUDzV85v46MhM5698jRo9xReT9ffPm1Vu5dpu+Ttcb6GQkRrYQZnMzM+DsvLX2P5BEev2zm8bV7X9FsAkbuNv0euNkXG9UnIlj7q2zk5ZvPZDTxxCMbmFOqTQ8p6vhc9O3Hhpq9jlJHitbtgJZVkM9D9cmZl1gxtaF739HhYONTz7Dlv9/01TQAQvp07RLZY/yRJo70QEMBxF4trPx08RliLO7ufSklW954i799dtR349LjPM8gEK/L3Ybi/tMNHC0F+EALK1HhLh5cXNvn92M1X/hsW3H53LBHgbJH7jbdJ3dp04XXTgBLezXg7jfdAFg6pYHi0Vd6LEaDkUkTi3wz6rYj3M0+egZ0VrUvo5iOyl1mn+dQNBNATMIJ9L11h4CiwNMr/o5BL1l6802885tfk5sz9Jc0mltaeHHzg2j8lZpcFLnVVyNajwM0G0FlJ9upnFfHsc8/x2Qa2lqIqqps//P7rF5fQUu9Vp8f7YXPdZp244Aqw2QgQyt7APfeYCPceZS1d1Wyfcf7uN0Dq+GcTicf7PwLd1Tez6bNL9DY1ERhhk6T6rEH34Hq87yJluOAfcAMrex18f05E4t+nofLLUhOSmTB9XOZWjKZ3OxsjMYrMZ3t7XYOHTlC9cFD7Ny9l4bGhl52Xr37RG1ZXnOqBi65kfwXDsfjYgGt/Se/NpoIID+yJGJw2bSw5YmH3xnFtureq2aKojAyJgaj0YjT6aShsRFV9V7H79xYczYttqNPzMngkAdQ5H1ilvP/fLNzBW1mQ3Ud6f6c11sw4UIfAVRV5XxDg5ccfYmNdEb64MI5EA9T6vhtcI6E251HkdRoYssDcZG+t+1GHWFDzLoFxZEjyuyv+2M6WpMnQCzCIfcY5qA6H0GwHtB0kdelYgfaQTSB9NTzcABtIBwg20DYQRolMlogkoE8VSJ1g1uAqgcqRJnjD1qcgzc0j4aS76IjMawE3PNATANK8FUQIbaKUvvqoWa3Wq2GTzbX1BgUmT3ALB+gN6wVMy71/fSuxvg9HE1KBHuMuUhlKoKFdH67eZCCiLtEmX2LT37sNv0S+Kf+i+IFbI4NYoU2o/r+iwswchd6FNNchPgHpFwC9Pcm3klUxwQxB5/+fkTuC7sOt1oNJHhJ4kDwgCh1vOJLOYNlWP9BQ+4lBrdpFUKsAznFQ5LPUOWtYk7Hl9qUZx6Dqj4JohRIBASCWuADJC+KMsdxLcoZDEHzFyadYwnnDFDiADeqqGF2+wEhgutDqyFChAgRIkSIECFChAgRIkSIED9g/h+02l+jofHlGAAAAABJRU5ErkJggg==",
+  "url": "https://github.com/crowdsecurity/cs-firewall-bouncer",
+  "description": "Crowdsec bouncer written in golang for firewalls",
+  "stars": 7,
+  "downloads": 1144,
+  "readme_content": "PHAgYWxpZ249ImNlbnRlciI+CjxpbWcgc3JjPSJodHRwczovL2dpdGh1Yi5jb20vY3Jvd2RzZWN1cml0eS9jcy1maXJld2FsbC1ib3VuY2VyL3Jhdy9tYWluL2RvY3MvYXNzZXRzL2Nyb3dkc2VjX2xpbnV4X2xvZ28ucG5nIiBhbHQ9IkNyb3dkU2VjIiB0aXRsZT0iQ3Jvd2RTZWMiIHdpZHRoPSIzMDAiIGhlaWdodD0iMjgwIiAvPgo8L3A+CjxwIGFsaWduPSJjZW50ZXIiPgo8aW1nIHNyYz0iaHR0cHM6Ly9pbWcuc2hpZWxkcy5pby9iYWRnZS9idWlsZC1wYXNzLWdyZWVuIj4KPGltZyBzcmM9Imh0dHBzOi8vaW1nLnNoaWVsZHMuaW8vYmFkZ2UvdGVzdHMtcGFzcy1ncmVlbiI+CjwvcD4KPHAgYWxpZ249ImNlbnRlciI+CiYjeDFGNERBOyA8YSBocmVmPSIjaW5zdGFsbGF0aW9uIj5Eb2N1bWVudGF0aW9uPC9hPgomI3gxRjRBMDsgPGEgaHJlZj0iaHR0cHM6Ly9odWIuY3Jvd2RzZWMubmV0Ij5IdWI8L2E+CiYjMTI4MTcyOyA8YSBocmVmPSJodHRwczovL2Rpc2NvdXJzZS5jcm93ZHNlYy5uZXQiPkRpc2NvdXJzZSA8L2E+CjwvcD4KCgojIGNzLWZpcmV3YWxsLWJvdW5jZXIKQ3Jvd2RzZWMgYm91bmNlciB3cml0dGVuIGluIGdvbGFuZyBmb3IgZmlyZXdhbGxzLgoKY3MtZmlyZXdhbGwtYm91bmNlciB3aWxsIGZldGNoIG5ldyBhbmQgb2xkIGRlY2lzaW9ucyBmcm9tIGEgQ3Jvd2RTZWMgQVBJIHRvIGFkZCB0aGVtIGluIGEgYmxvY2tsaXN0IHVzZWQgYnkgc3VwcG9ydGVkIGZpcmV3YWxscy4KClN1cHBvcnRlZCBmaXJld2FsbHM6CiAtIGlwdGFibGVzIChJUHY0IDpoZWF2eV9jaGVja19tYXJrOiAvIElQdjYgOmhlYXZ5X2NoZWNrX21hcms6ICkKIC0gbmZ0YWJsZXMgKElQdjQgOmhlYXZ5X2NoZWNrX21hcms6IC8gSVB2NiA6aGVhdnlfY2hlY2tfbWFyazogKQogLSBpcHNldCBvbmx5IChJUHY0IDpoZWF2eV9jaGVja19tYXJrOiAvIElQdjYgOmhlYXZ5X2NoZWNrX21hcms6ICkKCiMjIEluc3RhbGxhdGlvbgoKIyMjIEFzc2lzdGVkCgpGaXJzdCwgZG93bmxvYWQgdGhlIGxhdGVzdCBbYGNzLWZpcmV3YWxsLWJvdW5jZXJgIHJlbGVhc2VdKGh0dHBzOi8vZ2l0aHViLmNvbS9jcm93ZHNlY3VyaXR5L2NzLWZpcmV3YWxsLWJvdW5jZXIvcmVsZWFzZXMpLgoKYGBgc2gKJCB0YXIgeHp2ZiBjcy1maXJld2FsbC1ib3VuY2VyLnRnegokIHN1ZG8gLi9pbnN0YWxsLnNoCmBgYAoKIyMjIEZyb20gc291cmNlCgpSdW4gdGhlIGZvbGxvd2luZyBjb21tYW5kczoKCmBgYGJhc2gKZ2l0IGNsb25lIGh0dHBzOi8vZ2l0aHViLmNvbS9jcm93ZHNlY3VyaXR5L2NzLWZpcmV3YWxsLWJvdW5jZXIuZ2l0CmNkIGNzLWZpcmV3YWxsLWJvdW5jZXIvCm1ha2UgcmVsZWFzZQp0YXIgeHp2ZiBjcy1maXJld2FsbC1ib3VuY2VyLnRnegpjZCBjcy1maXJld2FsbC1ib3VuY2VyLXYqLwpzdWRvIC4vaW5zdGFsbC5zaApgYGAKCiMjIFVwZ3JhZGUKCklmIHlvdSBhbHJlYWR5IGhhdmUgYGNzLWZpcmV3YWxsLWJvdW5jZXJgIGluc3RhbGxlZCwgcGxlYXNlIGRvd25sb2FkIHRoZSBbbGF0ZXN0IHJlbGVhc2VdKGh0dHBzOi8vZ2l0aHViLmNvbS9jcm93ZHNlY3VyaXR5L2NzLWZpcmV3YWxsLWJvdW5jZXIvcmVsZWFzZXMpIGFuZCBydW4gdGhlIGZvbGxvd2luZyBjb21tYW5kczoKCmBgYGJhc2gKdGFyIHh6dmYgY3MtZmlyZXdhbGwtYm91bmNlci50Z3oKY2QgY3MtZmlyZXdhbGwtYm91bmNlci12Ki8Kc3VkbyAuL3VwZ3JhZGUuc2gKYGBgCgoKIyMgQ29uZmlndXJhdGlvbgoKVG8gYmUgZnVuY3Rpb25hbCwgdGhlIGBjcy1maXJld2FsbC1ib3VuY2VyYCBzZXJ2aWNlIG11c3QgYmUgYWJsZSB0byBhdXRoZW50aWNhdGUgd2l0aCB0aGUgbG9jYWwgQVBJLgpUaGUgYGluc3RhbGwuc2hgIHNjcmlwdCB3aWxsIHRha2UgY2FyZSBvZiBpdCAoaXQgd2lsbCBjYWxsIGBjc2NsaSBib3VuY2VycyBhZGRgIG9uIHlvdXIgYmVoYWxmKS4KSWYgaXQgd2FzIG5vdCB0aGUgY2FzZSwgdGhlIGRlZmF1bHQgY29uZmlndXJhdGlvbiBmaWxlIGlzIGxvY2F0ZWQgdW5kZXIgOiBgL2V0Yy9jcm93ZHNlYy9jcy1maXJld2FsbC1ib3VuY2VyL2AKCmBgYHNoCiQgdmltIC9ldGMvY3Jvd2RzZWMvY3MtZmlyZXdhbGwtYm91bmNlci9jcy1maXJld2FsbC1ib3VuY2VyLnlhbWwKYGBgCgpgYGB5YW1sCm1vZGU6IGlwdGFibGVzCnBpZGRpcjogL3Zhci9ydW4vCnVwZGF0ZV9mcmVxdWVuY3k6IDEwcwpkYWVtb25pemU6IHRydWUKbG9nX21vZGU6IGZpbGUKbG9nX2RpcjogL3Zhci9sb2cvCmxvZ19sZXZlbDogaW5mbwphcGlfdXJsOiA8QVBJX1VSTD4gICMgd2hlbiBpbnN0YWxsLCBkZWZhdWx0IGlzICJsb2NhbGhvc3Q6ODA4MCIKYXBpX2tleTogPEFQSV9LRVk+ICAjIEFkZCB5b3VyIEFQSSBrZXkgZ2VuZXJhdGVkIHdpdGggYGNzY2xpIGJvdW5jZXJzIGFkZCAtLW5hbWUgPGJvdW5jZXJfbmFtZT5gCiNpZiBwcmVzZW50LCBpbnNlcnQgcnVsZSBpbiB0aG9zZSBjaGFpbnMKaXB0YWJsZXNfY2hhaW5zOgogIC0gSU5QVVQKICAtIEZPUldBUkQKYGBgCgogLSBgbW9kZWAgY2FuIGJlIHNldCB0byBgaXB0YWJsZXNgLCBgbmZ0YWJsZXNgIG9yIGBpcHNldGAKIC0gYHVwZGF0ZV9mcmVxdWVuY3lgIGNvbnRyb2xzIGhvdyBvZnRlbiB0aGUgYm91bmNlciBpcyBnb2luZyB0byBxdWVyeSB0aGUgbG9jYWwgQVBJCiAtIGBhcGlfdXJsYCBhbmQgYGFwaV9rZXlgIGNvbnRyb2wgbG9jYWwgQVBJIHBhcmFtZXRlcnMuCiAtIGBpcHRhYmxlc19jaGFpbnNgIGFsbG93cyAoaW4gX2lwdGFibGVzXyBtb2RlKSB0byBjb250cm9sIGluIHdoaWNoIGNoYWluIHJ1bGVzIGFyZSBnb2luZyB0byBiZSBpbnNlcnRlZC4gKGlmIGVtcHR5LCBib3VuY2VyIHdpbGwgb25seSBtYWludGFpbiBpcHNldCBsaXN0cykKCllvdSBjYW4gdGhlbiBzdGFydCB0aGUgc2VydmljZToKCmBgYHNoCnN1ZG8gc3lzdGVtY3RsIHN0YXJ0IGNzLWZpcmV3YWxsLWJvdW5jZXIKYGBgCgojIyMgbW9kZXMKCiAtIG1vZGUgYG5mdGFibGVzYCByZWxpZXMgb24gZ2l0aHViLmNvbS9nb29nbGUvbmZ0YWJsZXMgdG8gY3JlYXRlIHRhYmxlLCBjaGFpbiBhbmQgc2V0LgogLSBtb2RlIGBpcHRhYmxlc2AgcmVsaWVzIG9uIGBpcHRhYmxlc2AgYW5kIGBpcHNldGAgY29tbWFuZHMgdG8gaW5zZXJ0IGBtYXRjaC1zZXRgIGRpcmVjdGl2ZXMgYW5kIG1haW50YWluIGFzc29jaWF0ZWQgaXBzZXRzCiAtIG1vZGUgYGlwc2V0YCByZWxpZXMgb24gYGlwc2V0YCBhbmQgb25seSBtYW5hZ2UgY29udGVudHMgb2YgdGhlIHNldHMgKHRoZXkgbmVlZCB0byBleGlzdCBhdCBzdGFydHVwIGFuZCB3aWxsIGJlIGZsdXNoZWQgcmF0aGVyIHRoYW4gY3JlYXRlZCkKCgoKCgoK",
+  "version": "v0.0.10",
+  "download_url": "https://github.com/crowdsecurity/cs-firewall-bouncer/releases/tag/v0.0.10",
+  "asset_url": "https://github.com/crowdsecurity/cs-firewall-bouncer/releases/download/v0.0.10/cs-firewall-bouncer.tgz",
+  "status": "stable"
+ },
+ {
+  "name": "cs-custom-bouncer",
+  "author": "crowdsecurity",
+  "logo": "iVBORw0KGgoAAAANSUhEUgAAAuwAAAHACAYAAAD5pj0sAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAATiAAAE4gBo4oJKAAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAACAASURBVHic7d1/mJ11eSf++3NmMhMBIfzQVUgiorW1KK6dJjPnTMKOiOtaa11b44/dat1aabWK2l7dar/ttvvDrXa3rVh0FbHbgq7VdK3aKlURZk3mnDPhmvo1iKj1ByURqhQNSAgzmXk++wdhVQSSzJznPM/Meb2ui7+8rvt+/yEzb54593kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO6Tqg4AlK/ZbJ5WFMWjhoeHTy+K4vSIOD2lNJRzPiWl1Kg6H1CtoijuaDQaRc75O41G458WFxdvHxkZuW3Xrl23Vp0NUNhhzZiamho+dOjQE1JKT04pPSUifjwiHhsRZ0fEyZWGA1areyLiHyLipoj4Ys75841G43Pz8/M3zM3N3V1tNBgcCjusYtu2bTunKIoLc84XRsSFEXFq1ZmAgbCYUvpcURRXR8TV69ev3z09PX1P1aFgrVLYYRXZtm3b5sXFxeemlJ4WEf8iIk6rOhNARByKiE5K6dqc88c6nc5nqw4Ea4nCDjXXbDYfFhE/HREvjYhnRcRQtYkAjurGlNIHFxcX/3zPnj1frzoMrHYKO9RTY2Ji4oKU0ksj4nkRcVLVgQCWoYh7n7xfkVJ6/8zMzHerDgSrkcIONXLeeeedeMIJJ1yUUvr1iDir6jwAPXRXSumylNIfzszM3FJ1GFhNFHaogcnJyYcXRfGLEfGGiHhU1XkASrQQER8oiuI/z87O/n3VYWA1UNihQmNjY2eMjo6+Ouf82ojYUHUegD4qIuJ/55x/t9vt3lh1GKgzhR0qMDY2tm5kZOTXI+K3I+LEqvMAVKjIOb+nKIo37tmz5/aqw0Ad+bYJ6LNWq3X+0NDQX0fEiyNipOo8ABVLKaWxRqPxik2bNt2zf//+6yIiVx0K6sQTduiT7du3P3pxcfG/R8S/qToLQI11Ukqvarfb/3/VQaAuFHYoX2o2m6+KiDdFxClVhwFYBRYj4u0LCwu/NTc3d3fVYaBqCjuUaGxs7JSRkZHLI+L5VWcBWIW+GBEv6HQ611cdBKrkM+xQklartWVoaOjqiJisOgvAKnVGRLxs8+bN39q3b9/fVR0GquIJO/ReajabF0fEH4SjUoBeufLgwYOv3Lt378Gqg0C/KezQQ9u2bTt1aWnpioj46aqzAKxBX4iIn+t0Ol+sOgj0k8IOPbJ9+/ZHHz58+KqU0lOqzgKwhn0n5/ycbrc7U3UQ6BeFHXpg27Zt5ywtLX0yIh5XdRaAAXB3SukF7Xb7Y1UHgX5wdAorNDk5+ZNFUVwTEZuqzgIwINZFxAs3btx4y/79+x2jsuYp7LACrVbrgpzzxyPitKqzAAyYRkrpOZs3b0779u2brjoMlElhh2WamJh4TkR8NCJOqDoLwIBKETG1adOmof37919bdRgoi8IOyzA5OTkR95b1h1WdBYD4F5s2bbpj//793aqDQBkcncJxarVaT8o5fyYiTq06yzFYjIgvp5Suj4ivFEVxU0R8I6V0e0rp9pzzPUNDQ177DQPs8OHDI+vWrTuxKIqTi6I4o9FoPDrn/NiU0mNzzk+KiHNjdTycKHLO/6bb7X6g6iDQawo7HIdWq/WYnPNMRJxVdZYHcTgi9kTENY1G49p169Z1pqen76k6FLB67dixY+jmm2/+541G42k556ellM6PiJOqzvUgFnLOz+52u1dXHQR6SWGHYzQ2NnbGyMjI7oj40aqz3M89EfHRnPP77r777k97CyBQpqmpqeFDhw5NpJRenFJ6YUScXnWm+/luURRPm52dnas6CPSKwg7H4Nxzzx05+eSTpyOiWXWW+6SUdkfEFSMjIzunp6cPVJ0HGDxHfjb+VES8NO59w/O6iiPd51uLi4s/ed111+2rOgj0gsIOx6DZbP5RRLy+6hwRkSPiY41G400zMzOOq4Da2LZt2+bFxcVfTym9Imrwmfecc/fw4cPnz83NHa46C6yUwg5HMTEx8TMppQ9Htf++LEXEByPi9zudzvUV5gB4SFu2bHnU8PDwr0XEK6P6z7q/udPpvLHiDLBiCjs8hC1btmwaHh7+bFT7Gc2/yzm/qtvtzlaYAeC4bN++/dGLi4tviYiXVBgj55yf2+12/7rCDLBiCjs8iKmpqeH5+fnpiJisKMKBiPi9jRs3Xrpz586lijIArMjk5OTTiqJ4e0Q8saIIt0XEUzudzjcq2g8r1qg6ANTVwsLCm6K6sv7h4eHhJ3Q6nUuUdWA1m5mZuXbDhg1PjYg3R0RRQYRHRMT7duzY4WWRrFqesMMDGB8fH2s0GrPR/7cBL6aUfrvdbv9B3HtgCrBmtFqtC3LO74uIR/V7d0rpV9vt9jv6vRd6wRN2+GGNlNKl0f+yfnNK6fx2u/2WUNaBNajdbl+TUnpKSulT/d6dc/797du3P7rfe6EXFHa4n2az+YqU0kSf185ExFPb7Xanz3sB+qrdbn/rrLPOelZEvKvPq09eXFz8/T7vhJ7wkRj4Plu3bj19eHj4iznnM/q49m8WFhZeODc3d3cfdwJUrtVq/WbO+c19XJlzzhd0u93pPu6EFfOEHb5Po9H4b30u61cuLCz8rLIODKJ2u/2WlNKvRv+OUVNK6dKxsbG6vJEVjomLaTii1Wo1I+JPok9/eUop/Y9Op/OKW2+91bfAAANr3759123evPnrEfGvoz8/fx85NDT07f3793tbNKuGJ+xwRM75P0X/Pib24bPOOus14bgUINrt9pUR8Zo+rnzj2NjYCX3cByviCTtERKvV2hIRfTlGyjlfe+qppz7vIx/5yOF+7ANYDfbv33/d5s2bT4j+vP/ixEaj8c39+/fv6cMuWDFP2CEics6/1adVnx0aGnruVVddNd+nfQCrRrvdfkNEXNmPXY1G4zfOPffckX7sgpVS2Bl4ExMTT4yIn+nDqgNDQ0PPn5mZ+W4fdgGsRnl0dPSiiPhs6Yty3nTyySe/pOw90AsKOwMvpfTb0Z9/F161e/fur/VhD8CqNT09fU9RFC+MiH483Hjj1NTUcB/2wIoo7Ay0Vqv1uIh4YR9Wvb3T6by/D3sAVr3Z2dm/Tym9qg+rHjc/P/+CPuyBFVHYGWg551+O8o+vP79hw4ZfL3kHwJrSbrffG/35PHs//sMAVkRhZ5A1IuLFJe/IOefXODIFOH5LS0uvj4jbS17TOvLXVqgthZ2BNT4+/vSI2Fjymiu8Ahtgefbs2XN7zvl3Sl6Tcs7/tuQdsCIKOwOr0WiU/e0Adw4PD7+x5B0Aa1q3231XRMyWvOYl0b8X58FxU9gZSOedd96JEfG8ktf8h127dt1a8g6Ata5oNBqvK3nH41ut1kTJO2DZFHYG0kknnfSzEXFSiSu+GRGXlTgfYGDMzMx0I+KTZe4oiuLny5wPK6GwM5ByzqUem6aU/rjT6RwqcwfAIEkpvank+S/csWNH2d8aBsuisDNwjryK+vwSV9wxPz//zhLnAwycdrv9mYjYVeKK02+55Zanljgflk1hZ+CcdNJJWyPixLLmp5QunZubu6Os+QCDqtFovLnM+UtLSxeUOR+WS2Fn4DQajTJ/IOdGo/GnJc4HGFgzMzN/m1LaV9b8lNJUWbNhJRR2BtHTSpy9a/fu3V8rcT7AICuKovhfJc7fPjY2tq7E+bAsCjsDZWpqan1ElPbVXTnnfrxGG2Bg5ZyvKHH8SSMjI1tKnA/LorAzUA4fPtyMiPUljb9n/fr1f1nSbAAiYnZ29gsR8dmy5qeUfI6d2lHYGShFUWwvcfzV09PTB0qcD0BE5JxLeziSc95W1mxYLoWdQfOUsgbnnK8pazYA39NoNK4tcXxpvydguRR2Bs15ZQ0u+RcIAEeMjIxcFxF3ljT+Udu3b39ESbNhWRR2BsZ55513YkScU9L429vt9t6SZgPwfaanpxejxJcoLS0tPbms2bAcCjsD48QTTzwnyvv//GcioihpNgD3k1Iq86+ajy9xNhw3hZ2BkXM+u8Tx15U4G4D7KYpirqzZJf++gOOmsDMwGo3GY0scf32JswG4n5RSmR9DPLvE2XDcFHYGRs55Y1mzU0o3ljUbgB/W6XS+HRHfKmn8Y0qaC8uisDNIHlnS3KX5+fmbS5oNwIO7qaS5viWGWlHYGSSnlTT31rm5ucMlzQbgQaSUvl7S6NNLmgvLorAzSM4oY2hK6ZtlzAXgoeWcbytp9KlTU1PDJc2G46awM0geXsbQnPPtZcwF4KGllMr6+ZsOHTp0Qkmz4bgp7AySdSXNLettewA8hKIo7ihr9sjIyGhZs+F4KewMklJ++KaU5suYC8BDazQapf38XVxcHClrNhwvhZ1BUsoP35zzYhlzAXhoOefSCvvQ0JAn7NSGws4gSWUMzTkXZcwF4KhyWYOXlpZ0JGrD/xkBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhB37A5OTkxNatW59QdQ4A4F4KO/ADlpaWnj40NPSlZrO5u9ls7piamhquOhMADDKFHXgwkxHxwfn5+X+YmJh48/j4+MaqAwHAIFLYgaM5M6X0m41G46vNZvODExMTF1YdCAAGiT91A8dqJCJ2pJR2NJvNGyPiXQcPHrx87969B6sOBgBrmSfswHI8MSLeeuKJJ97SbDbfNTk5eW7VgQBgrVLYgZU4OSIuKori845UAaAcCjvQKz9wpNpsNs+qOhAArAUKO9BrZ6aUfjMivuZIFQBWzp+ugbI4UgWAHvCEHegHR6oAsEwKO9BPjlQB4Dgp7EBVHKkCwDFQ2IGqOVIFgIfgT9FAXThSBYAH4Ak7UEeOVAHgCIUdqDNHqgAMPIUdWC0cqQIwkBR2YLVxpArAQPGnZWC1cqQKwEDwhB1YCxypArBmKezAWnLfker1zWbzU45UAVgLFHZgLUoRcWEcOVJttVq/12q1Hll1KABYDoUd+AHr1q3705zzf4mIf6w6S4+cmXP+3Zzzza1W672tVqtZdSAAOB4KO/ADdu3adWu32/2dO++88zER8YKIuDoicsWxemE05/xvc87tZrP5d61W66LzzjvvxKpDAcDRKOzAA7rhhhsWOp3Ozk6n84yI+PGc89si4q6qc/XIU3PO73KkCsBqoLADR9XpdL7Y7XZfWxTFWSmlX46Iz1edqUccqQJQewo7cMxmZ2fvbLfbl3U6nScXRbE9InZGxGLVuXrAkSoAtaWwA8syOzu7u9PpvGB4eHhzSukNEbG/6kw9ct+R6j5vUgWgDhR2YEV27dp1a7vdfsudd975uPjekepacN+bVD/lSBWAKinsQE/c70j1iWv5SHV8fPzHqw4EwOBQ2IGeW+tHqo1G4/OOVAHoF4UdKI0jVQBYOYUd6AtHqgCwPAo70FeOVAHg+CjsQCUG5Ej1G45UAVgphR2o3Bo+Uj0lHKkCsEIKO1Abg3Skun379kdUHQqA1UFhB2pprR+pLi4u7nekCsCxUNiBWhuQI9U5R6oAPBiFHVgV1viR6k84UgXgwSjswKrjSBWAQaKwA6uWI1UABoHCDqwJjlQBWKsUdmBNcaQKwFqjsANrkiNVANYKhR1Y8x7gSPWGqjP1iCNVgAGgsAMD4/uOVJ/kSBWA1UJhBwbSfUeqjUbjMY5UAagzhR0YaDMzM7c4UgWgzhR2gHjQI9WDVefqEUeqAKuYwg5wP/cdqY6Ojm6MiNenlL5cdaYeue9I9fpms3nV5OTk06oOBMDR+TYBgAcxPT19ICLeGhFvHR8f39ZoNC6OiOfF6v/Z2YiIf1UUxVJEXFt1GAAemifsAMdgDR+pAlBzCjvAcVjDR6oA1NRq/7MuQCVuuOGGhbj3e9x3TkxMPDEifiWl9PKI8E0sAPSUJ+wAK9Ttdm888ibVM1fTm1RzzqnqDAAcnSfsAD0yOzt7Z0RcFhGXrbEjVQAq5Ak7QAke4Ej1G1VnAmB1UtgBSvR9R6rnhCNVAJbBn2kB+sCRKgDL5Qk7QJ/dd6QaEc2IuKmqHCklR6cAq4An7AB95iAVgOPhFwVAH0xOTj485/zinPNrIuJJVecBYPVQ2AFKNDk5+aNLS0v/riiKX46IDVXnAWD1UdgBemzHjh1D+/bt+6mU0sVFUTzdZ8UBWAmFHaBHtmzZ8qh169b9wv79+1+VUtpcdZ5j4D8kAFYBhR1ghcbHx8cajcZrI+JFOed1VecBYG1R2AGWYWpqav38/PwLcs6/llJ6StV5AFi7FHaA4zA+Pv4jKaWXz8/PvyIiTvPxdADKprADHF1jYmLigpTSayPi2eGz3wD0kcIO8CBardYji6L4pUaj8Ss5501V5+mhu3PO70sp/UnVQQA4OoUd4H6OHJFelHN+SUrpYTnnqiP1yldSSpcvLi5evmfPnturDgPAsVHYASLiWc961uiBAwd+JiJeHxHNqvP0UBER10TEZRs3bvzQzp07l6oOBMDxUdiBgdZqtR5XFMUrDhw48EsRcXrVeXroQM75iqIo3rpnz56vVx0GgOVT2IFBdN8R6UU5559NKQ1VHahXUkpzEXHZ/Pz8e+fm5u6uOg8AK6ewAwNjbGzslJGRkZdFxMURcU7FcXppPiI+mnO+pNPpzFQdBoDeUtiBNe++I9KI+PmIOKHqPD30jZTS5fPz85fOzc39U9VhACiHwg6sSd93RHpRRFxYdZ4e+n9HpKOjo381PT29WHUgAMqlsANryuTk5Jk554sOHDjwqoh4RNV5euiOiPhAURSXzM7OfqHqMAD0j8IOrAVpYmLi6Smli4qieF6srZ9tn00pvfOuu+563969ew9WHQaA/ltLv9SAATM+Pn7y0NDQi3LOr42IH686Tw8tRMRHcs6Xdbvdq6sOA0C1FHZg1Wk2mz+Wc35lSunlOecTq87TQ7fmnK/IOV86Ozu7v+owANSDwg6sCueee+7IySef/Nw4ckSaUqo6Ui/NRMQljkgBeCAKO1Br27dvf/TS0tJLc86vjoiNVefpoe9GxPtTSn/Sbrc/X3UYAOpLYQdqaXx8fFuj0bh4cXHxX0fEuqrz9NCXIuJ/jI6Ovmd6evquqsMAUH8KO1Abk5OTD885v/jI0/QnV52nh5Yi4qqc8yXdbvfTEZGrDgTA6qGwA5XbunXrExqNxi8WRXFRRJxadZ4e+sec858PDw+/Y/fu3TdXHQaA1UlhB6rSmJiYeHZK6eKIeHpErJkr0pTSXM75bQsLC++fm5s7XHUeAFY3hR3oq/Hx8X82NDT0spzzqyJic9V5euieiNg5NDT0h7t37/5c1WEAWDsUdqAvxsfHxxqNxmsj4kU557V0RPr3KaX35Jzf3el0vl11GADWHoUdKM3U1NT6+fn5F+Scfy2l9JSq8/RQERHX5Jzf1u12/yYckQJQIoUd6Lnx8fEfSSm9fH5+/hURcdoaesnRt3LO/zMi3tntdm+qOgwAg0FhB3qlMTExcUFK6bUR8exYY0ekEXFZzvnKbrd7qOo8AAwWhR1YkVar9ciI+Hc551+JiLMrjtNL8xHx0ZTSH7fb7U7VYQAYXAo7sCxHjkgvyjm/JCIeVnWeHvpqSundi4uLl+/Zs+f2qsMAgMIOHLNnPetZowcOHPiZiHhdRLSqztNDRURcExGXbdy48UM7d+5cqjoQANxHYQeOqtVqPa4oilfccccdL4+IM6rO00N3HHkT6SW7d+/+WtVhAOCBKOzAg7nviPSinPPPppSGcl4b31543xHp/Pz8e+fm5u6uOg8APBSFHfgBzWbztIh4eUT8SkScU3GcXronIj4YEW9vt9t7qg4DAMdKYQd+QM75lSml/1J1jh66JaX07qGhobfv2rXrtqrDAMDxUtiBtShHxKcj4rLR0dG/mp6eXqw6EAAsl8IOrCV3RsRfNBqNt83MzNxQdRgA6AWFHVgLvhgR7zx48ODle/fuPVh1GADoJYUdWK0WIuIjOefLut3u1VWHAYCyKOzAanNrzvmKnPOls7Oz+6sOAwBlU9iB1WImIi5ZWFj48Nzc3OGqwwBAvyjsQJ19NyLeHxGXdjqd66sOAwBVUNiB2kkpfTki/rTRaFy2e/fu71SdBwCqpLADdVFExMdzzpd0Op1Px73fpQ4AA09hB6r2zZzznw0PD79j9+7dN1cdBgDqRmEHKpFSmouIy0ZGRq6Ynp6+p+o8AFBXCjvQT/dExM6hoaE/3L179+eqDgMAq4HCDvTDV1JKl+ec393pdL5ddRgAWE0UdqAsRURck3N+W7fb/ZtwRAoAy6KwA712IOd8RUT8cbfbvanqMACw2insQE/cd0Sac76y2+0eqjoPAKwVCjuwEvMR8dGIeGu73W5XHQYA1iKFHViOr6WULpufn3/P3NzcP1UdBgDWMoUdOFZFRFwTEZdt3LjxQzt37lyqOhAADAKFHTiaOyLiAznnt3a73RurDgMAg0ZhBx7M36WU3jU/P//eubm5u6sOAwCDSmEHfsDQ0FA7IpozMzPdqrMAAAo7cD8zMzPXVp0BAPieRtUBAACAB6ewAwBAjSnsAABQYwo7AADUmMIOAAA1prADAECNKewAAFBjCjsAANSYwg4AADWmsAMAQI0p7AAAUGMKOwAA1JjCDgAANaawAwBAjSnsAABQYwo7AADUmMIOAAA1prADAECNKewAAFBjw1UHAKA627ZtO7UoiidXnYP+KYritm63e2PVOYBjp7ADDLClpaWtEfG3Veegf1JKH4qIn6s6B3DsfCQGAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpsuOoAAFSn0+l8ampq6mFV56B/vvvd7y5VnQE4Pgo7wGArpqen76k6BAAPzkdiAACgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhZ2CklBZLmjtUxlwAjmpdWYNTSofLmg3HS2FnYOScF0qaO1LGXAAeWpk/fw8fPjxf1mw4Xgo7g6SUH76NRuOEMuYCcFQPK2vw8PBwKQ95YDkUdgbJPSXNPa2kuQA8hEajcXqJ4w+VOBuOi8LOIPlOGUNzzmeUMReAh5ZzLquwH+p0Ogo7taGwMzBSSv9U0uizSpoLwEPbVMbQEn9fwLIo7AyMoihuL2n0w7du3Vrmn2UBeGCPLWNozrms3xewLAo7AyOl9I9lzR4aGnpcWbMB+GFTU1PDEbG5pPGl/b6A5VDYGST/UOLsJ5c4G4D7OXTo0BMiYrSM2Smlr5cxF5ZLYWdgNBqN0n4A55zPK2s2AD8spVTag5KiKG4qazYsh8LOwFhcXCytsKeUxsuaDcAPSyltL3G2J+zUisLOwJidnf1GRBwoafxPjI2NeYESQP9cUNbgnPPny5oNy6GwM0hySqmsH8Lr1q1b1yppNgDfZ8uWLY+KiB8rafz84cOHv1LSbFgWhZ2BUhTF3rJmp5SeWdZsAL5neHj4gohIJY2/cW5u7nBJs2FZFHYGzWdLnP2cEmcD8D1lPiCZK3E2LIvCzkDJObdLHP+jrVZrS4nzAQZes9l8WEQ8t6z5Oedry5oNy6WwM1BmZ2dvjIhvl7jiJSXOBiDieRFxSlnDU0rTZc2G5VLYGTQ5Ijolzn/x2NjYuhLnAwy6ny9x9pc6nc43SpwPy6KwM3BSSp8sa3bO+YzR0dGfKms+wCA78u0wzyhxhY/DUEsKOwMnpfSJMufnnF9X5nyAQTU8PHxxRAyXuOKaEmfDsinsDJyZmZkvRcRXS1wxNT4+vq3E+QADZ2xs7JSIeGWJK3JRFJ8pcT4sm8LOoPqrMoc3Go03lDkfYNCMjo6+JiI2lLiiPTs7+80S58OyKewMpEaj8Wclr3j2xMTET5S8A2AgnHfeeSfmnC8uec2VJc+HZVPYGUgzMzM35Jw/V+aOlNJ/LXM+wKA46aSTfiMiHlHiivmI2FnifFgRhZ2BlVJ6b8krntlqtX6u5B0Aa1qr1Xpczvk3S17zsU6nU+Y7OmBFFHYG1vDw8PsiYqnMHTnnt05NTZ1U5g6AtSznfElErC95jY/DUGsKOwNr165dt0bEp0tes3FhYeF3St4BsCY1m83nRcSzS17z7Q0bNlxV8g5YEYWdQfdnZS/IOb++2Wy2yt4DsJa0Wq1HRsSlfVj1v6666qr5PuyBZVPYGWgbN278YER8rINEGgAACCJJREFUpeQ161JKf7F169bTS94DsFY0cs5XRMSZJe9ZiohLSt4BK6awM9B27ty5lHP+w7L35Jw3DQ0N/XlEpLJ3Aax2ExMTb4iIZ/Zh1fs6nU7ZD21gxRR2Bt6pp576PyPilj6senar1fq1PuwBWLVardb5KaX/2IdVRc75zX3YAys2VHUAqNpXvvKVpc2bN6eI+Jd9WPf0zZs3f2Hfvn1f6MMugFWl2Ww+PiL+NiIe3od1/7vb7b6jD3tgxTxhh4i466673hkRt/Vh1VDO+X0TExMX9mEXwKoxOTl5ZkR8KiIe2Y99RVF4us6qobBDROzdu/dgSultfVo3klL6y/Hx8fP6tA+g1rZt23ZqURSfiIiz+7TyY7Ozs3N92gUrprDDEfPz838UEf/Qp3WnNBqNTzSbzSf3aR9ALTWbzdMWFxc/HhFP6tPKhZzzb/RpF/SEwg5HzM3N3R0Rr+vjykdFxGdardb5fdwJUBtHPgZzbUppoo9r/6jb7d7Yx32wYgo7fJ9Op/PhiPibPq7ckHP+ZKvVen4fdwJUbmJi4olFUXQiom8fD0wp7RsdHX1Tv/ZBryjscD9DQ0OvjYhDfVw5mnP+i2az+drwPe3AABgfH39GSml3RGzu596iKF43PT19Vz93Qi/4Wke4n5tvvvk7GzduHE4pTfVxbSMi/tWmTZv++dlnn/2Jm2+++Z4+7gboix07dgxt2LDhd1NK746IE/q8/pPdbvf/6/NO6AlP2OEBrF+//i0ppS9XsPq5S0tLc61Wa0sFuwFKMzk5eeb+/fuvyTn/bvS/f9wdEb/a553QM/78Dg9iYmLiJ1JK7YgYrWD9QkS8JSJ+v9Pp9PPjOQC9liYmJn6h0Wj8t5zzGRVl+KVOp/OeinbDiins8BCazearI+JPKozwtZTSxe12+2MVZgBYlsnJyR8tiuLtEfH0qjKklD7QbrdfVNV+6AWFHY5iYmLiL1NKP1dxjA9HxBs7nc4XK84BcFTbt29/xOLi4m9FxKsjYriqHCmlL4+MjIw5NGW1U9jhKKampjbMz8/PRcQ5FUcpIuLjKaX/1G63r6s4C8APGR8f/2cppdenlF4T/T8qvb97IqLV6XQ+W3EOWDGFHY5Bq9XaknPeHREjVWeJiBz3Fvc/arfb03FvkQeoTKvVelLO+dUR8bKo5u7nh+ScX9ntdt9ZdQ7oBYUdjlGz2fzFiLg8avTvTUppX875vTnnK725D+inLVu2PGpoaOjFKaWXRMRTq85zP5d1Op1frjoE9EptigesBs1m840R8V+rzvFAUkpzEfG3OedrI6Lt22WAXtqxY8fQLbfc8tSlpaULGo3GhTnnC6Ke73P58MaNG5+/c+fOpaqDQK8o7HCcJiYmLkkpXVx1jqOYj4huznlXSmlvo9HYe+DAga/fcMMNC1UHA1aFRqvV2pRSOjfn/OSIaOWcz4+IDVUHO4rPjI6OPnN6etrL51hTFHY4fo1ms/neiHhx1UGOU5FS+kbOeX9E3H7kn/mIuDvnPF9tNKAiwymlh8e9T8pPP/LPoyNic9TjZud4XD86Onr+9PT0gaqDQK9V9lVLsIoVCwsLvzAyMnJaRDyz6jDHoZFz3hQRm+7/P6Tkv92BVW3/4uLiszudjrLOmtTvVwPDmjA3N3d4dHT0+RFxddVZAAbc1yPiadddd92+qoNAWep4LAKrwk033bRwyimnfGBkZORHUkpPqjoPwAC6oSiKp3e73ZuqDgJlUthhBW677bal/fv3f2jz5s0Pj4hm1XkABsj/WVhYeMZ11113W9VBoGwKO/TAvn37Prl58+Z7IuLp4ZgboGwfiYjn7dmz566qg0A/KOzQI/v27ZvZvHnzrRHxrHAfAlCWd27cuPFln/jEJ3xNLQPDk0DosVartSXn/IGIeGzVWQDWkHsi4g2dTueSqoNAvynsUIKtW7eePjQ09GcR8dNVZwFYA74YES/odDrXVx0EqqCwQ3lSs9m8OCL+IFbfC0gA6uLKgwcPvnLv3r0Hqw4CVVHYoWStVquZc35/RDym6iwAq8hdEfGrnU7niqqDQNUcnULJ9u3bt//xj3/85UtLS+siYmv49w7gaD60uLj4nNnZ2V1VB4E68IQd+mjr1q1PGB4evjTn/IyqswDU0FcbjcbFMzMzH686CNSJwg4VmJiYeE5K6R0RsbHqLAA1sJBz/uP169f/3vT09D1Vh4G6UdihImNjY6eMjo7+Vs75VRFxUtV5ACqwFBEfTCn9Trvd/mrVYaCuFHao2Pj4+MlDQ0OvzDn/+4g4reo8AH1wOCL+otFovGlmZuZLVYeBulPYoSampqZOmp+ff3lE/PuIOLPqPAAlmI97n6j/R0/U4dgp7FAzY2NjJ4yOjr4s5/yyiNhSdR6AHrgpIq5cXFx8x3XXXfePVYeB1UZhhxprNps/llJ6Uc75JRFxTtV5AI7DHRHx0ZzzFd1u99MRkasOBKuVwg6rQ2NiYuL8iHhpo9F4Ts75jKoDATyAu1NKV+ec3zs6OvrXvvEFekNhh1Vo27Zt5xRFcWHO+cKIuDAiTq06EzCQFlNKnyuK4uqIuHr9+vW7lXToPYUdVrkdO3YM7du37ydTSk/LOf9ko9F4cs75ceGNqkDv7Y+I61NKn11aWppeXFycmZubu7vqULDWKeywBjWbzYdFxI/lnB8bEWc3Go2zi6I4M6V0ekScERGnR8T6uPdnwIYKowLVuyvu/ZrFxYi4PSJuTyndXhTFNyPippTS11NKNzUajS/u3r37O5UmhQH1fwFiYtgzpiU5kgAAAABJRU5ErkJggg==",
+  "url": "https://github.com/crowdsecurity/cs-custom-bouncer",
+  "description": "CrowdSec bouncer to use custom scripts",
+  "stars": 1,
+  "downloads": 81,
+  "readme_content": "PHAgYWxpZ249ImNlbnRlciI+CjxpbWcgc3JjPSJodHRwczovL2dpdGh1Yi5jb20vY3Jvd2RzZWN1cml0eS9jcy1jdXN0b20tYm91bmNlci9yYXcvbWFpbi9kb2NzL2Fzc2V0cy9jcm93ZHNlY19jdXN0b21fbG9nby5wbmciIGFsdD0iQ3Jvd2RTZWMiIHRpdGxlPSJDcm93ZFNlYyIgd2lkdGg9IjI4MCIgaGVpZ2h0PSIzMDAiIC8+CjwvcD4KPHAgYWxpZ249ImNlbnRlciI+CjxpbWcgc3JjPSJodHRwczovL2ltZy5zaGllbGRzLmlvL2JhZGdlL2J1aWxkLXBhc3MtZ3JlZW4iPgo8aW1nIHNyYz0iaHR0cHM6Ly9pbWcuc2hpZWxkcy5pby9iYWRnZS90ZXN0cy1wYXNzLWdyZWVuIj4KPC9wPgo8cCBhbGlnbj0iY2VudGVyIj4KJiN4MUY0REE7IDxhIGhyZWY9IiNpbnN0YWxsYXRpb24vIj5Eb2N1bWVudGF0aW9uPC9hPgomI3gxRjRBMDsgPGEgaHJlZj0iaHR0cHM6Ly9odWIuY3Jvd2RzZWMubmV0Ij5IdWI8L2E+CiYjMTI4MTcyOyA8YSBocmVmPSJodHRwczovL2Rpc2NvdXJzZS5jcm93ZHNlYy5uZXQiPkRpc2NvdXJzZSA8L2E+CjwvcD4KCgojIGNzLWN1c3RvbS1ib3VuY2VyCkNyb3dkc2VjIGJvdW5jZXIgd3JpdHRlbiBpbiBnb2xhbmcgZm9yIGN1c3RvbSBzY3JpcHRzLgoKY3MtY3VzdG9tLWJvdW5jZXIgd2lsbCBwZXJpb2RpY2FsbHkgZmV0Y2ggbmV3IGFuZCBleHBpcmVkL3JlbW92ZWQgZGVjaXNpb25zIGZyb20gQ3Jvd2RTZWMgTG9jYWwgQVBJIGFuZCB3aWxsIHBhc3MgdGhlbSBhcyBhcmd1bWVudHMgdG8gYSBjdXN0b20gdXNlciBzY3JpcHQuCgojIyBJbnN0YWxsYXRpb24KCiMjIyBXaXRoIGluc3RhbGxlcgoKRmlyc3QsIGRvd25sb2FkIHRoZSBsYXRlc3QgW2Bjcy1jdXN0b20tYm91bmNlcmAgcmVsZWFzZV0oaHR0cHM6Ly9naXRodWIuY29tL2Nyb3dkc2VjdXJpdHkvY3MtY3VzdG9tLWJvdW5jZXIvcmVsZWFzZXMpLgoKYGBgc2gKJCB0YXIgeHp2ZiBjcy1jdXN0b20tYm91bmNlci50Z3oKJCBzdWRvIC4vaW5zdGFsbC5zaApgYGAKCiMjIyBGcm9tIHNvdXJjZQoKUnVuIHRoZSBmb2xsb3dpbmcgY29tbWFuZHM6CgpgYGBiYXNoCmdpdCBjbG9uZSBodHRwczovL2dpdGh1Yi5jb20vY3Jvd2RzZWN1cml0eS9jcy1jdXN0b20tYm91bmNlci5naXQKY2QgY3MtY3VzdG9tLWJvdW5jZXIvCm1ha2UgcmVsZWFzZQp0YXIgeHp2ZiBjcy1jdXN0b20tYm91bmNlci50Z3oKY2QgY3MtY3VzdG9tLWJvdW5jZXItdiovCnN1ZG8gLi9pbnN0YWxsLnNoCmBgYAoKIyMjIFN0YXJ0CgpJZiB5b3VyIGJvdW5jZXIgcnVuIG9uIHRoZSBzYW1lIG1hY2hpbmUgYXMgeW91ciBjcm93ZHNlYyBsb2NhbCBBUEksIHlvdSBjYW4gc3RhcnQgdGhlIHNlcnZpY2UgZGlyZWN0bHkgc2luY2UgdGhlIGBpbnN0YWxsLnNoYCB0b29rIGNhcmUgb2YgdGhlIGNvbmZpZ3VyYXRpb24uCmBgYHNoCnN1ZG8gc3lzdGVtY3RsIHN0YXJ0IGNzLWN1c3RvbS1ib3VuY2VyCmBgYAoKIyMgVXBncmFkZQoKIyMgVXBncmFkZQoKSWYgeW91IGFscmVhZHkgaGF2ZSBgY3MtY3VzdG9tLWJvdW5jZXJgIGluc3RhbGxlZCwgcGxlYXNlIGRvd25sb2FkIHRoZSBbbGF0ZXN0IHJlbGVhc2VdKGh0dHBzOi8vZ2l0aHViLmNvbS9jcm93ZHNlY3VyaXR5L2NzLWN1c3RvbS1ib3VuY2VyL3JlbGVhc2VzKSBhbmQgcnVuIHRoZSBmb2xsb3dpbmcgY29tbWFuZHMgdG8gdXBncmFkZSBpdDoKCmBgYGJhc2gKdGFyIHh6dmYgY3MtY3VzdG9tLWJvdW5jZXIudGd6CmNkIGNzLWN1c3RvbS1ib3VuY2VyLXYqLwpzdWRvIC4vdXBncmFkZS5zaApgYGAKCiMjIFVzYWdlCgpUaGUgY3VzdG9tIGJpbmFyeSB3aWxsIGJlIGNhbGxlZCB3aXRoIHRoZSBmb2xsb3dpbmcgYXJndW1lbnRzIDoKCmBgYGJhc2gKPG15X2N1c3RvbV9iaW5hcnk+IGFkZCA8aXA+IDxkdXJhdGlvbj4gPHJlYXNvbj4gPGpzb25fb2JqZWN0PiAjIHRvIGFkZCBhbiBJUCBhZGRyZXNzCjxteV9jdXN0b21fYmluYXJ5PiBkZWwgPGlwPiA8ZHVyYXRpb24+IDxyZWFzb24+IDxqc29uX29iamVjdD4gIyB0byBkZWwgYW4gSVAgYWRkcmVzcwpgYGAKCi0gYGlwYCA6IGlwIGFkZHJlc3MgdG8gYmxvY2sgYDxpcD4vPGNpZHI+YAotIGBkdXJhdGlvbmA6IGR1cmF0aW9uIG9mIHRoZSByZW1lZGlhdGlvbiBpbiBzZWNvbmRzCi0gYHJlYXNvbmAgOiByZWFzb24gb2YgdGhlIGRlY2lzaW9uCi0gYGpzb25fb2JqZWN0YDogdGhlIHNlcmlhbGl6ZWQgZGVjaXNpb24KCjp3YXJuaW5nOiBkb24ndCBmb3JnZXQgdG8gYWRkIGV4ZWN1dGlvbiBwZXJtaXNzaW9ucyB0byB5b3VyIGJpbmFyeS9zY3JpcHQKCiMjIyBFeGFtcGxlczoKCmBgYGJhc2gKY3VzdG9tX2JpbmFyeS5zaCBhZGQgMS4yLjMuNC8zMiAzNjAwICJ0ZXN0IGJsYWNrbGlzdCIKY3VzdG9tX2JpbmFyeS5zaCBkZWwgMS4yLjMuNC8zMiAzNjAwICJ0ZXN0IGJsYWNrbGlzdCIKYGBgCgojIyBDb25maWd1cmF0aW9uCgpCZWZvcmUgc3RhcnRpbmcgdGhlIGBjcy1jdXN0b20tYm91bmNlcmAgc2VydmljZSwgcGxlYXNlIGVkaXQgdGhlIGNvbmZpZ3VyYXRpb24gdG8gYWRkIHlvdXIgQVBJIHVybCBhbmQga2V5LgpUaGUgZGVmYXVsdCBjb25maWd1cmF0aW9uIGZpbGUgaXMgbG9jYXRlZCB1bmRlciA6IGAvZXRjL2Nyb3dkc2VjL2NzLWN1c3RvbS1ib3VuY2VyL2AKCmBgYHNoCiQgdmltIC9ldGMvY3Jvd2RzZWMvY3VzdG9tLWJvdW5jZXIvY3MtY3VzdG9tLWJvdW5jZXIueWFtbApgYGAKCmBgYHlhbWwKYmluX3BhdGg6IDxhYnNvbHV0ZV9wYXRoX3RvX2JpbmFyeT4KcGlkZGlyOiAvdmFyL3J1bi8KdXBkYXRlX2ZyZXF1ZW5jeTogMTBzCmRhZW1vbml6ZTogdHJ1ZQpsb2dfbW9kZTogZmlsZQpsb2dfZGlyOiAvdmFyL2xvZy8KbG9nX2xldmVsOiBpbmZvCmFwaV91cmw6IDxBUElfVVJMPiAgIyB3aGVuIGluc3RhbGwsIGRlZmF1bHQgaXMgImxvY2FsaG9zdDo4MDgwIgphcGlfa2V5OiA8QVBJX0tFWT4gICMgQWRkIHlvdXIgQVBJIGtleSBnZW5lcmF0ZWQgd2l0aCBgY3NjbGkgYm91bmNlcnMgYWRkIC0tbmFtZSA8Ym91bmNlcl9uYW1lPmAKYGBgCgpZb3UgY2FuIHRoZW4gc3RhcnQgdGhlIHNlcnZpY2U6CgpgYGBzaApzdWRvIHN5c3RlbWN0bCBzdGFydCBjcy1jdXN0b20tYm91bmNlcgpgYGAK",
+  "version": "v0.0.6",
+  "download_url": "https://github.com/crowdsecurity/cs-custom-bouncer/releases/tag/v0.0.6",
+  "asset_url": "https://github.com/crowdsecurity/cs-custom-bouncer/releases/download/v0.0.6/cs-custom-bouncer.tgz",
+  "status": "stable"
+ },
+ {
+  "name": "cs-cloud-firewall-bouncer",
+  "author": "fallard84",
+  "logo": "iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAAABmJLR0QA/wD/AP+gvaeTAAAgAElEQVR4nO3deXhV1d3o8e865+QkOZkDIQwJQ4AQQAEZFGQKJCCzghynqq9tb23f2/pW66PtbXvvS/WtVatgqx2uvtqq19sBfdtah15FHOoMVBEIyCyCEKaEISM5Z90/NmkpAjlrn33OPsPv8zx5gGQPK5uzf3vtNfwWCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQiUm5XQDhrOrqap83u6QSX7hShVV/pRgQ1pQr6A50O/nlBzKBwMndGgGt0UcU6gRQj9Z7UGovsAetd6F86zqa6re89tprHa78YiImJAAkNzVz/uVDwlpNUFpP1HguAD0MyIrR+dpQ1IFer8PqLY9Hr3z5uWe2xOhcIg4kACSZ6vlXd/eFOmai9BxgJlDiZnkU7NaaldqjXvCHjv/xxRdfbHOzPMKMBIAkULNwYTd1wrMIra4EqgGv22U6I60/RfGlFc8/s8LtoojISABIUEuWLPG8tWZ9LWG+ouFSIMPtMkWoXWt16SsvLP+L2wURXZMAkGAmLliQFwhnfklr/W9Ahdvlsam+I6AGvbZ8+XG3CyLOzed2AYSlev7V3X26/VZC6msaXeh2eaJU6msOXwE85nZBxLlJAHDZ3LnXFLWp9m8RPvFNUHlul8c5ajwSABKeBACXVFdX+3y5JV9r0+0/QFPsdnkcp3SsuiKFgyQAuKBm7qJpCs9DaD3M7bLETFhtc7sIomsetwuQTmprgwUz5i3+icKzAkjdmx+4687vjtZaX+x2OcS5SQ0gTmrmBGeh9GNa08vNcmT6/WRlZRIIBAgEsgmHw7S2ttHW3k5bWxtNTc1Rn2PKxPGMG33BAmCB1vot4B7gOaWUjvrgwlHSDRhj1dU3ZGXkHr9Ha24iDtfb78+gX3k5ZX16UVbWm/KyPpT16UVpjxJyc3LweM5d6Wtrb+fAgUMcPHSI/fsPsnPXp2zfsZNtOz6hsfFIl+cfNHAA9/7H/yIvL/f0H60FlgJPKaVCdn8/4SwJADE0ffaVA5Un/IxCj4zVObxeL1VDBjNqxHBGnX8ew4YOwe+PzZihAwcPsfajDXz40XrWrtvAvvr9f/9ZIDubObNqueHaK8nMzDzXYT4CblJKvRGTQgojEgBipHZucC7oJ4Eip4+dkZHBReNGUzt9CqNHjSA7y50G90OHG/h09x6ys7Oo6N+PjAyjwLMcKxDUx6h453TL27qYEFehmQ4MwpohuU0p3g138NQD09RON8oVbxIAYqB2TvA2lL4bhxtZh1ZVUjttCtOmTDxTFTsZHQH+HXgoHq8Fwd9rb1kvpqG5Hricf0yHPpM1KB7OUPzm3knqWKzL5hYJAA6qrq72+QLdH0TxNaeOqZRiyqQJXHPFQioG9HfqsIlmFXC1UrHpOrzlTT2cENcBN6AoNdy9FfgziicLOnhxyTSVUvkQJAA4ZPbs2ZknPDm/BxY4cTyfz8v06slctXgh5WW9nThkojsG3KiU+q0TB7v5Dd1Laa5AcT0w2oljavhMaZ5WHh5bOlmtdeKYbpMA4ID58+cHWkKZf0Ax04njVU++mP92w7WUlro61d8tTwJfVUq1mO540ws605fHTDTXAZcR2xmUdUrxxAnNYw9OUQdieJ6YkgAQpZM3/wsopkZ7rPKy3nzja19m9KgRThQtmX0AXK6U2hHJxrf+VY8Jh7kexTVYqc/iqR14SSmeOJ7NHx8eq07E+fxRkQAQhWAw6G9o5g+g50RznEy/nysWX8rVwYWmLempbB8wRyn1wZl+eNOruizDxxe05svA4PgW7awa0Cz3eHny/knqTbcLEwkJADZVV1f7fDndnyHKd/6K/v34/ne+lS7v+aaOA4uUUi8D3PK2zlYh5mnNjUANif35rVOa5crHr+6fqD5xuzBnk8gXMKHVzFv8kNJ8PZpj1E6fws1fv7GrgTNpTUPbyt3c9fx2+pys4idb/2cYWKkUT3qaeea+S1ST2wU6lQQAG2rmLb5dae6xu38gO5tvfv1GpldPcrJYKWV/C3ywH1bth8OtbpfGMUeAZ1E8sWwSr5AAcyMkABg6OcLvWWwO8inp3o0f3fF9+vUtc7hkya+lAz48CKvrYedRcP3uiK1daH7j8/HIjye6N3VaAoCBWbOu6t/h7ViNtbiGsb7lffjRHd+nR0m8G6oTV1jD1iPWTf/RQWgPu10iV7g26lACQISqq2/I8uY0vWt3Ys/Qqkp++O//I1WG8EZtz3Grev+3/XDcxY6zgA8uODnc4oMD0OzuOL8m4A8oHi+YxMolSsU8HEoAiNCMeYt/ojX/ZmffMReMZMn3biMrK70b+462w4cHYPV+2O1ivmCPgkEFMLYURnQH/8mXuZCGTQ1WbWT9IevfbonXqEMJABGYMX/xTB3mL9i4XlWVg7j3rn93bcae2zrC8HFjYtxUpQEYVwrjekCe/9zbntoeseNofMp3DjEbdSgBoAvVl11W6DvhqwPzTD79+pax9J47yM9LoWS/Edp9HFbVw98OQJPLVfyR3WFCLyiz+fZV32z9Lqv2w7F2Z8tnyPFRhxIAulA7d/GjwJdM9+verZgHfvwflPZIn/H8jW3WDf/ePjhgPJLfOT4PVBZaT/vzuoHXoU+5BrY0JkyDpSOjDiUAnMPJ7L2vYHidAtnZ/PT+u9Kiq+9EGOoOwzt7rZvDza67slwY2wPG9ICcGI+obu2A9YetYOD2700Uow4lAJyFNdS35APQ55nu+51bb6Jm2pRYFCshaKx++tUnq/htLmb4K/BbN/xFPaEk250yNLRZPQjv7IVD7g5aMh51KAHgLGrnLr4J+KnpfvNmz+CbX78xBiVyX6KMzvN5YHix1Yo/tMhq1U8EiRQYiXDUYYJcusRysuFvK4YDfir69+OnS+8i099FE3MS0Vhdd2/sgU9cTIylgEGFVhV/RHfITMwF0v+uLWS1E6zeD1vdf0XYiubRjkx+/uB49U99GhIAzqB23uI70XzfZJ/MzEx+8ZN7U2pWX9MJeGQD7HLxxi/Jtm76saVQlKTDKBrarFrB6v3uNo4Cu0Ka2p9OVVs6vyEB4DTV86/u7guf2A4Y9d198bqruebKRTEqVfyFNDzwoTViL96yfTCqxOqv758f//PH0s6j1ivUhwessQYu2OX1Mu6+iWo/yMpAn+PT7beartJbXtab4KL5sSqSK1bVx/fmV8Dgws+Pzks1/fOtr4UVrg2Q6hsOcRtwG0gA+CcTFyzII6SMM/r+61e+mHKZfFbFKVt/rxzrST8mgtF5qaSzIXN4sTW4aM3JxtW9ccgWoOEraH07SmkJAKfIDvm/DBSa7DNtykTGjRkVoxK5Z38M31WzfTCqu/W0H5BiVXw78vxQXWZ97Wu2agWr6uFY7EZQFnzrDcqWwqcSAE5asmSJ581V628y2cfn8/Llf/lCrIrkKqeH73oVDClyfnRequkZgHkDYE7/f0yTXnvQGnDlJOWhBxIA/uHNVetmgKow2Wd69eR0Td0dsc4JOBeWQm5qvSXFlEdZw5krC2HhwNglSpEA0El5voKO/NJ6PB6uWrwwhgVKXvl+awLORT2hd47bpUl+2T6Y0NP62t9sjTp0ajCWBACgZuHCbrRro+y+kyeOT6k+/2gl6ui8VNMjAJf0g5n9nBl1KAEAUCc8izBcReaaK+Tpf6o7xkNWgo/OSyUKqwF1QD7Mr4Dvvm3vOCna22pGo64y2X5YVWUqL9Rpi9z87onm2qd9AKief3V3pc2W9aqdHvUqYEIkhLR/BfDqE5cAEcdQn8/H1MkTYlgi4RYNrDtoze8PaStv4HndwJ/CtZu0DwBKM9tk+wkXjU3LFF+priMMv9oIGw//43vv7rNu/vO7WSMVKwtTr3Ez3QOAArMlvWumTY5RUYSbXtn9zzd/p/aQNUx3zX5rxN7oEisY2M0vmGjSOgDUzr2yCkIRj+Txer1cMPL8WBZJuCSSuQ/H2uH1PdZXacCapjy6R/JOU4Y0DwCa8MUmNbqqIYMJZLuUd0rEVIPhoJr6Znh+J7ywEyoKrFrByO7WoJ1kkmTFdZaH8ARtkBJh1IjhMSyNcJPd4bUa2HbE+vqvbbHJRhxLaR0AtFKjTf7nR40wzg8q0kjHyQzJdYetmkDnyMjBhYmbeSdtA0B1dbUPzdBIt/f7MxhWNSSWRRIppKXDSgG2er/VRnBBibuZi88mbQOAN7ukEnTE63X1LS/D75fpbMJcQxus3G199cuDqX1gZEli1ArSdiSgx4vR47y8rE+siiLSyCfH4IlN8JMP3V0yrVPaBgAdDhsN5i/vIzP/hHN2HYP/vd7dxVIhjQOA8iijAFAmU3+Fw3Yft6bzuiltA0BYU26yfVkf48WBhejSO/vcPX/aBgBQRqv+9OzRI1YFSUimDVQu12ST1j4HsgDbufY6TBjSOAAowkbJ/AKBBOu/iTGv4Scj5O5S2UnLictmJ2FoGFohjQMAqKJIt8z0+/F6U3hO6BlkGH4ynM5amy58DvQFdti59mFaIK0DABE/0rOyIx4ukDJMA4CtD6EwrmmdiZ1rnyE1ACJehyYdJwD5pAYQF07UAOxce0+H1AAiDgDZaRgA5BUgPrIdGFxq59o3n5AaQMQv9V4n6mlJRl4B4iPXgcH4Nq59+MHZtEN6BwBxDqYBoNVmXvp0F3CgBtBqvsx4K0ppkAAgzsI01fSx9tiUI9UFHKgBHDWfU3Ck8y8SAMQZ5RumuToqAcCWQgfSiR1tM97ls86/JP104OrqG7IyAk1VYQ9D0LpSKV0Fngq0zgFygKKTf6bR6vPRyze8WhIA7Cl2oIfZxjLiezv/knQBoLq62ufPKRmp0bUaVQvHJ2nIUp3jIbVCBqZGzzQAxHAt+5TmREJRG8E3uQJAMBj0Hm5iOkpfr2BhGH1yzVm50WNFagDx4UQNIGUDwPQ5i/p58fz3hmb9BaWQjBxxZFwDkABgzO9xpg3AtPal4O9zEBMyANTOvbxCKfVNrfmqhiTOup68TAPAwVarPpYIaa6SRc+c6K+XBg63GO+0p/OvCRUAps++cqBHdfwQVFBr6aFwU16G9eGM9CWrPQSNbcm9SEa89QxEf4yGVmg3HAikVYLVAILBoL+xWd+iCS0BlXAzb/LzUmQdKAM+DxRlwWGDBTPqmyUAmHAiANQ3m++TqdjS+XfXn7I1c4KzGpr1Bg13Awl38wMMqhjgdhFcUWr4Ad1v48OYzpxYX9A0AGj47O7JqqHz367VAILBoL+xRf9Ya30TCfzq6PF4qK2Z6nYxXNEzcOYFM8+m3vRdNI15FJQ7sMi06TVXUHfqv10JALVzL69oaNa/A8a6cX4TwUUL6N/XKH1gyughNYCY6Z0DmQ7kmDF+BdAuB4DaucG5oJ8CCuJ9bhMej4fgogV86fqr3S6Ka0zfUfc2SU9ApAbkR38MjY0AoNh46j/jGgBmzAneoNGPxOO8mZmZZGVlEsjOJicngFKRfSzz83IZVDGAGTXV9OtbFuNSJrbSgFlPQHMHHGiBHumXPsFYhQOPv/pmawkyE2G3agA18xbfrrW+mxg8IMr69GLUiPMYNLCCsj69KC/rQ3FRodOnSTtZXijItLr3IrXzqASArniUtWBotHYeNd/HF3YhANTOXXw3mm87dTylFOcPH0rt9KmMGzOK7t2KnTq0OE2vHPMAcGFp7MqTCspznZkG/Mkxs+01fHb/NHXw1O/FPADUzFt8u1M3f0F+HgvmzeKS2mmU9jDK6i1sGpBv1hOw0/BDmY6qIs5HfW6mNQAFb53+vZgGgBlzgjecrPZHpbi4iOCiBcybNYOsLBlpEk+mjVX1TdZ7aXZCDDFLTEMdqLC2dNjoddFxDAA1cxbP00o/QhTv/D6fl4UL5nLdNUGysxJyjFDKK88Dr4p8EUuNVTV16imXagoznen/33nMfC5sWPP26d+LSQConXt5BfBkNMcfWlXJt276Kv379XWuYMKY32ONWDN539zSKAHgbEaVONMKvrmh621O01Sk+eD0bzo+FHjMmBszUJ6nAFvtnEopFi6Yw9K7fyA3f4Lob/gaUGfQZpBuRhitSHl2Nq7xe0umqc91GjpeAyjudfg+rRlvZ99AIJvv3nYzF40b7XSxRBQG5MPre7rerlN9MxxqhW7y1vZPirOgnwMDgA61WuMtTJypARAcrgHUzAnO0pqb7OxbWFjAfT9aIjd/AhqQb15tNek5SBcXljpT/bdTwwrFOgBUV9+QpZR+EBu/Y2mPEh64904GD6xwqjjCQXl+6GM4c22T+TtqSlPAGIdWmLcRXJtbAvz1TD9wLAD4co9/Bxhkul9BQT4/uuP79Ondy6miiBgYbth1taXRPFFFKhtU6MwrUXsIth7pervTvPzwWHXGTkNHAsD02VcOtDPYJ5CdzY9+8D3Ky3o7UQwRQ8MMG69OhOFjqQX83USHnm8bG8yXAtPw3Nl+5kgAsNJ4mSXzUErx3dtvZvAgqfYng7JcKDDME7hmf2zKkmyKMuE8h1r/bVxT7ffwwtl+GHUAuGRBcBBKLTbdL7hovjT4JRGF+Qi2usPms9VS0ZQ+1gSgaDV32GpbWXXvJPXZ2X4YdQAIdejvYrDSLliDfL543TXRnlrEmWk7QEcY1h7sertUlul1bnLUhwdsrASs+fO5fhxVAJh56VXlKL5gso/X6+Xmb9yIz+dAOhQRV4OLzFcNTvfXgEm9nZsXYedaKnj+XD+PKgDoEx3fwHDNvUWXzqWif79oTitc4vfAMMNawPYjZpmFU4nfC1MdWs6moc3W/P/NS6fw4bk2sB0AgsGgVxs+/YuLi7jumqDdU4oEMM6wOquB1WlaC5jYC3IznDnW+/tsLYT3OEqdczfbAaCxVdeA2XJdwUULZFZfkqsqsgYGmXh7b+SzCVNFpheqHXr6hzS8va/r7U4TVponu9rIdgAIh7nOZPv8vDzmzqq1ezqRIDwKRhvmYjnann6NgdPLzAPl2XxwwNbaiyuXTlWfdrWRrQAQDAb9Chaa7HPp/Fny9E8Rdlq13zxrR1Tqyfc79+4P9q6dgscj2c5WADjSFBoP5ERcGKWYWVNt51QiAfXKgT4R/+9bdh6FXWmSLmx2f6sB0Ak2r9vx1hB/jGRDWwEg7PFMN9l+xHnD6Fnq0EwIkRBMGwMhPWoB5bkwzsGPus1rtvzn09TxSDa0FQC0VtNMtq+ZNsXOaUQCG1tq/pT74IBZhuFk41EQHOzMqD+wuv5stp38MtINjQPAhGAwW6EvMtln7OiRpqcRCS7gM3/ShTSs6LJZKnlN7OXMgp+dXt5lo/dE8ddlU9T7kW5uHABymxgCRJyat6xPL0q6OzQTQiSUKX3Mkz+8ty81BwYVZlrv/k5paINV9bZ2XWaysXEACHsYYrL9qBHnmZ5CJImSbBhuGNtDGl5JsVqAwqr6Zzk4uv0lO09/2LF7L8+a7GAcADzaLADIdN/UZqe76/361KoFXNwLhjqYBbmhDVbbePprWLb8ChUy2cc4AGgVNgoAZX0k2UcqG1gAfQ3z3KdSW0C3LJg/wNljvvSJrad/Y3uIX5nuZBwAlFZGbzplkuor5U22EePfr7extHWC8Sr4whDn+vwB9jXDKnuz/h6OtOvvVOY1AFTEiY39/gyKi2WFiFR3QYm1lLiJsIb/2hab8sTLggrzNRO68qft1rUx1BRqZ6md89kYB6AjrvAFAoafCpGUPAousbGGy5ZGWHfI+fLEw7Bia66/k9YetJlHUbHsJ7XKVp+BnYFAkQeAbBn7ny5GltjrA//TdhtZblzWI9uq+js03gewkqj+eYetXRszsff0B3sBIOL/5qysbBuHF8lIAbNt5Hk53AqvGaw65LYsL3xxmPOrH6/81F7PiIJ7756sbOdfdnxtwFOFQpIRMp0MLYaKAvP9VnyaHEOEPQquqzJv7+jK4VZ4dbetXfd5WvhpNOe2EwAibmlsaUmhzl4Rkbk2RsO1h+C3m21lvHFMJOP3Fw40z4zcFQ08vdXeIioa7rrvEtUUzfntBICIJyc2txiuYCiS3oB887yBAJsbrbRXbinuorlqRl/nFvc41bt7bS+jtj10nIejPb+dABBxasLm5hY6OuQ1IN0sHAg+G5+sP223RsG54VwTmy7qCbNikMe2oQ2etdfwB4qbH5yjor5aNv6bVMQBIBwOs3efvRkNInl1y4KaMvP9Wl18FZheDiO6f/7740ohOMjZFn+wfsffb4E2o4G7FgV/XDZZnTPff6TM2zJV+BO0mhjp5rv37KW8zMH8SCIp1JTD3w6Yr2O/pdGaMTi+Z2zKdTZeBTcMtarjHzdYN+jQIhgSo3Fs7+y1vXZis0fzLafKYT4SUKtNJtvv+tRe86ZIbj6P9Spgx5+2w36Xmo+qiuDSCrisInY3f32z7T5/0Nx531Rld+/PMX8FUGqzyebr6z42PoVIDVVFZ65Wd6UtBL/emJrLi7ef/N3sVP2BzR1NZvP9u2I+HTiM0R390boNhEL2fluR/C6rsHLkm9rXBM9sdb48blu+1fYkKK3CfM2Jhr9TGQeAE805m4CIC9Hc0sKWrdtNTyNSRGGm/emyq+rhXRe7Bp329l77ayVq+OXSavWqsyWyEQBee+3XrWjeNdnnzXciTlEmUtDFveyNDQBrxuBu40muieezJqttww4N29pD3O5siSx2hwIbRaIVK18nHE7BFzoRsSsH21snryMMj2+EphPOlylejp+Ax+qsCT82dCi4xs5c/0jYSwuuWGmy/aHDDXz40Xo7pxIpIs9vBQE7DrXCIxuSs1HwRNi6+e2mQNNwh0mWX1O2AkBxQL2HwZwAgGef+392TiVSyPBu9vv3dx2D33zs7nwBUxr43WZby3p3HmB1c4C7nSzT6WwlM6qrqwtVDBk6FFTECf937/mMSRdfRFGhjeliImUMLrQSXzTbGCFe32y9ElQmSZKpP++Ad+w3YjYpD5c8NEEdcLBIn2N7OrAOe7pcevifttea3z79B7unEynC77Wm1GbY/OSt3G2Nokt0b++F16IYA6c1X1062WzMjR22A8DkC4e/gtZGuV1fff0tNm1Owc5dYaQs18qjb9cz2+CjBF5ufO3B6PIdalj6wFT1lHMlOjvbAWDJkiVhlPq/JvtorfnZLx9F62R6kxOxMLaHvWzCYCXNfHITrE/AfILrDsH/2WQrsWenVwpDfNvBIp1TVAmNK6qGb0bzDZPjHDx0mOLiIioH2xwoLlLGkCLYftReC7nGqgX0ybVy9CWCTQ1Wl6WNnP6dPumAS+6tjk2X35lEFQC2b647UlE5rD9wgcl+a9etZ9KEiygocDinskgqSlkDhNYehBYbjYKdQaAs11qmzE2bGqzuvigSnLZ6FLMemKLi+o4cdU7AcNh7F2D039fa2saddy+lrb092tOLJJeTYU3DtdsoGNLWU3dzo7PlMuHAzQ+aL98/Wa1xrFARinpNkx1bNzRUVA4bCpxvsl/jkSMcPHSYiy8ah1JOp1sQySTfD71zrJqAndpzWMMHB6xaQK8cx4t3Th8dhMc3RX3z/89lU9XPHCuUAUcWNeo/uGq1UupGwGiw57btO+kIhbhgpFHsECmoR8DKy2e3YU8D6w5a3YwD4vRm+dfPrIE+UTT4oeEXD0xVcWv0O50jAWDHlo1HBlQO8yqYZrrv+g0bycvNZeiQKPqFREronWNl5916xP4xNjdag4yqip1P49VJYy3g+dzO6I6j4I+79/HFuuU/cK1bzLFlDceOGv5uawdXAMYpIFb/bS0azcjzhztVHJGkBhZASwg+iTj39OftOmb1LAzrFlm6bxNhbc3pfz3axUwUr3YcZ+GvLlOuTnNyLADU1dWFBg4ZthnNtdgIvh+tq6O5uYUxF4yUNoE0N6TISgm2L4rVgz9rsoLI0CLnVu9tOjmrz4FBSGsyPMxaVqNcXx/ZwYWNYfvmum0VlcMKgAl29t+4aTNbtm1n7OiRZGZmOlk0kUQUcF432H0MDkaxtsyhVqthsaLAamiMxu7j8It1sCeqZTgA2Oj1MuPHk+wv5+UkRwMAQFH+pJXZuS21QLmd/Xfv2curr7/JkMpB9CixkVBOpASPglEl1gQgmym0AGt8war9VgCws3gpWFl8fl0HTdEvcVGnoXbpZHsr+caC4wFg79414Yqq4S+j+RfA1vCM5uYWXlrxGocOH+b84cPw+21kkhBJz6OspKKHW60qvV1hDRsOw9F2q3Ew0naBjrCVxee5nVGN7uu0pr2dmgenKZtJwWLD8QAA1gjBgUOGrgd1JVEMNtqydTsvrXyd4sICBvTvK20DaUgpK49AQ1t0QQCsavzmBhhUAIEunikHWuDROmtsvwPe6vAz86EpysXhSmcWkwAAsH3zxi0DhgzbrmAhUfTItLS08uY777Pi1TcAGFTRH683ZsUWCUgpq02gpcNq4Y/GkXYr0WimF/rmf/6DqbF+/uuN9rP4nOb1DA9zl12soix5bMT0TtqxuW5dxeDhzShmRHus48ebWLXmQ1565TWOHD1Gt+JimUuQRhRW9b0tyi5CsF4JNjVYwWRw4T/Slh9phyc2wht7HKnyAzyPj0vvnxjdCr6xFPNH6fYtdW8PHDwsE8VkJ47X3NzC+g0befb5v/Du+2vYf+AgCkVRcSE+qRmkNIW12EhOBnzcGH16sIOt8H49FGVZXY7/uQH2OtQxpxQ/Kwhxw91TVEJPeInbS3XtnOBtKH1PrM7p92fQr7ycsj69KCvrTa+epWRnZREIZJOTE8Cjop73JCKQm5tDaY8SPJ7YXu+PG+CJTfZmEcZYSCm+t3SyusftgkQirq1qtXZ+SzgAAANFSURBVPMWX4/mUewsSiqSRl5eLrXTpnDd1UHy8mz2vUXgQIv11DZdgDSGjivF1Usnq+fcLkik4lpn3r65bm3/QcNWK8UcbHYRisTX3t7Opo+38Pqb73Dx+HHk5sZmil5OBowusd7lGxxdMMuW3drLjGWT1BtuF8RE3F+ad2yt21o5cMTvtCd8MSDrhqew401NfLS+jjmX1MasC9fvtYJAY3v03YR2KXjD66V26UQVRSZAd7jSarZ16/rGMaOGP9F6glxgPHF+FRHx09DQSP++5fTvZ2tgaEQ8Cs7vBt2yrdmADrXgR0KjebAph2sfHJ+Y3Xxdcf3Gq5kTnKFU+CFQlW6XRcRGzbQpfOfWm+JyrgMtVuPgnlhn1dPUA9cvm6peivGZYsr1frMdW+q2DxnU/5Ew/jYUEzBMKiISXyCQzawZ0+NyrpwMuLAUWkPwaeyeySt8YS65v1qtjdkZ4sT1GsCpZs4PDgiH9Z3AVSRAcBKOeWXF80/Xxvukt7yhLwUeA2yuTfw5HUrzw/wp3LFEqSRcqfDzEqpz/KU/L9+x4vmnr/V6VZVCPwok9CAKEbF1bpx02RT1p44QIzU868Dh1mgv45ZOVUtS5eaHBKsBnG7mpVeV6xMd/6rR16JU7FqRREx5tB7/0gvPvOdmGW75q56P5udAmeGuLUrxg/wO7l8yTSXesKMoJXQA6LRkyRLP2+9tqNYefb2GRUCe22USEfv9iuefvtLtQgB8+2Vd0O7nDhTfILLa7+tKcWM81uhzS1IEgFONGXNjRnGPgxeGPZ7pCqZjdSNmuV0u8XlasdIfylz44otP2V0gOyZufVNPCod5GBh6lk0aUHxn2SQeQamUXscu6QLA6WbPnp0Z9mZVhbW3UqMqNbpKoQZoyFXoPKAQyAWiTAolInQM1Eeo8ONF2Z7Hli9fHnK7QGey5FWddcTDzSiuAgYACs024HeeMP95/zSVwMuPCiGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBAiMv8fEXkhdG5DOgcAAAAASUVORK5CYII=",
+  "url": "https://github.com/fallard84/cs-cloud-firewall-bouncer",
+  "description": "Crowdsec Cloud Firewall Bouncer",
+  "stars": 5,
+  "downloads": 25,
+  "readme_content": "PHAgYWxpZ249ImNlbnRlciI+CjxhIGhyZWY9Imh0dHBzOi8vZ2l0aHViLmNvbS9jcm93ZHNlY3VyaXR5L2Nyb3dkc2VjIj48aW1nIHNyYz0iaHR0cHM6Ly9naXRodWIuY29tL2Nyb3dkc2VjdXJpdHkvY3Jvd2RzZWMvcmF3L21hc3Rlci9kb2NzL2Fzc2V0cy9pbWFnZXMvY3Jvd2RzZWNfbG9nby5wbmciIGFsdD0iQ3Jvd2RTZWMiIHRpdGxlPSJDcm93ZFNlYyIgd2lkdGg9IjQwMCIgaGVpZ2h0PSIyNDAiIHN0eWxlPSJtYXgtd2lkdGg6MTAwJTsiPjwvYT4KPC9wPgo8cCBhbGlnbj0iY2VudGVyIj4KPGEgaHJlZj0naHR0cHM6Ly9naXRodWIuY29tL2ZhbGxhcmQ4NC9jcy1jbG91ZC1maXJld2FsbC1ib3VuY2VyL2FjdGlvbnM/cXVlcnk9d29ya2Zsb3clM0FidWlsZCc+PGltZyBzcmM9J2h0dHBzOi8vZ2l0aHViLmNvbS9mYWxsYXJkODQvY3MtY2xvdWQtZmlyZXdhbGwtYm91bmNlci93b3JrZmxvd3MvYnVpbGQvYmFkZ2Uuc3ZnJyBhbHQ9J0J1aWxkIFN0YXR1cycgLz48L2E+CjxhIGhyZWY9J2h0dHBzOi8vZ2l0aHViLmNvbS9mYWxsYXJkODQvY3MtY2xvdWQtZmlyZXdhbGwtYm91bmNlci9hY3Rpb25zP3F1ZXJ5PWJyYW5jaCUzQW1haW4rd29ya2Zsb3clM0F0ZXN0cyc+PGltZyBzcmM9J2h0dHBzOi8vZ2l0aHViLmNvbS9mYWxsYXJkODQvY3MtY2xvdWQtZmlyZXdhbGwtYm91bmNlci93b3JrZmxvd3MvdGVzdHMvYmFkZ2Uuc3ZnP2JyYW5jaD1tYWluJyBhbHQ9J1Rlc3RzIFN0YXR1cycgLz48L2E+CjxhIGhyZWY9J2h0dHBzOi8vY292ZXJhbGxzLmlvL2dpdGh1Yi9mYWxsYXJkODQvY3MtY2xvdWQtZmlyZXdhbGwtYm91bmNlcj9icmFuY2g9bWFpbic+PGltZyBzcmM9J2h0dHBzOi8vY292ZXJhbGxzLmlvL3JlcG9zL2dpdGh1Yi9mYWxsYXJkODQvY3MtY2xvdWQtZmlyZXdhbGwtYm91bmNlci9iYWRnZS5zdmc/YnJhbmNoPW1haW4nIGFsdD0nQ292ZXJhZ2UgU3RhdHVzJyAvPjwvYT4KPGEgaHJlZj0naHR0cHM6Ly9nb3JlcG9ydGNhcmQuY29tL3JlcG9ydC9naXRodWIuY29tL2ZhbGxhcmQ4NC9jcy1jbG91ZC1maXJld2FsbC1ib3VuY2VyJz48aW1nIHNyYz0naHR0cHM6Ly9nb3JlcG9ydGNhcmQuY29tL2JhZGdlL2dpdGh1Yi5jb20vZmFsbGFyZDg0L2NzLWNsb3VkLWZpcmV3YWxsLWJvdW5jZXInIGFsdD0nR28gUmVwb3J0IENhcmQnIC8+PC9hPgo8YSBocmVmPSdodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL01JVCc+PGltZyBzcmM9J2h0dHBzOi8vaW1nLnNoaWVsZHMuaW8vYmFkZ2UvTGljZW5zZS1NSVQteWVsbG93LnN2ZycgYWx0PSdMaWNlbnNlOiBNSVQnIC8+PC9hPgoKPC9wPgoKPHAgYWxpZ249ImNlbnRlciI+CiYjeDFGNERBOyA8YSBocmVmPSIjaW5zdGFsbGF0aW9uLWFzLWEtc3lzdGVtZC1zZXJ2aWNlIj5Eb2N1bWVudGF0aW9uPC9hPgomI3gxRjRBMDsgPGEgaHJlZj0iaHR0cHM6Ly9odWIuY3Jvd2RzZWMubmV0Ij5IdWI8L2E+CiYjMTI4MTcyOyA8YSBocmVmPSJodHRwczovL2Rpc2NvdXJzZS5jcm93ZHNlYy5uZXQiPkRpc2NvdXJzZSA8L2E+CjwvcD4KCiMgQ3Jvd2RTZWMgQ2xvdWQgRmlyZXdhbGwgQm91bmNlcgoKQm91bmNlciBmb3IgY2xvdWQgZmlyZXdhbGxzIHRvIHVzZSB3aXRoIFtDcm93ZHNlY10oaHR0cHM6Ly9naXRodWIuY29tL2Nyb3dkc2VjdXJpdHkvY3Jvd2RzZWMpLgoKOndhcm5pbmc6IFRoaXMgaXMgbm90IGFuIG9mZmljaWFsIENyb3dkc2VjIGJvdW5jZXIuCgpUaGUgQ2xvdWQgRmlyZXdhbGwgQm91bmNlciB3aWxsIHBlcmlvZGljYWxseSBmZXRjaCBuZXcgYW5kIGV4cGlyZWQvcmVtb3ZlZCBkZWNpc2lvbnMgZnJvbSB0aGUgQ3Jvd2RTZWMgTG9jYWwgQVBJIGFuZCB1cGRhdGUgY2xvdWQgZmlyZXdhbGwgcnVsZXMgYWNjb3JkaW5nbHkuCgpTdXBwb3J0ZWQgY2xvdWQgcHJvdmlkZXJzOgoKLSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0gKEdDUCkgTmV0d29yayBGaXJld2FsbDpoZWF2eV9jaGVja19tYXJrOgotIEdvb2dsZSBDbG91ZCBQbGF0Zm9ybSAoR0NQKSBDbG91ZCBBcm1vcjpoZWF2eV9jaGVja19tYXJrOgotIEFtYXpvbiBXZWIgU2VydmljZXMgKEFXUykgTmV0d29yayBGaXJld2FsbCA6aGVhdnlfY2hlY2tfbWFyazoKCiMjIFVzYWdlIHdpdGggZXhhbXBsZQoKQSBjb21wbGV0ZSBzdGVwLWJ5LXN0ZXAgZXhhbXBsZSBvZiB1c2luZyB0aGUgYm91bmNlciBkb2NrZXIgaW1hZ2Ugd2l0aCB0aGUgR0NQIHByb3ZpZGVyIGlzIGF2YWlsYWJsZSBbaGVyZV0oZG9jcy9leGFtcGxlLWdjcC5tZCkuCgojIyBVc2luZyBEb2NrZXIKCllvdSBjYW4gcnVuIHRoaXMgYm91bmNlciB1c2luZyB0aGUgW2RvY2tlciBpbWFnZV0oaHR0cHM6Ly9odWIuZG9ja2VyLmNvbS9yL2ZhbGxhcmQvY3MtY2xvdWQtZmlyZXdhbGwtYm91bmNlcikuCgpZb3Ugd2lsbCBuZWVkIHRvIGNyZWF0ZSB0aGUgY29uZmlndXJhdGlvbiBmaWxlIGFuZCBtb3VudCBpdCBvbiB0aGUgZG9ja2VyIGNvbnRhaW5lci4gQnkgZGVmYXVsdCwgdGhlIGJvdW5jZXIgd2lsbCBsb29rIGZvciB0aGUgY29uZmlnIGF0IGAvZXRjL2Nyb3dkc2VjL2NvbmZpZy5kL2NvbmZpZy55YW1sYCBidXQgdGhpcyBjYW4gYmUgb3ZlcnJpZGRlbiB3aXRoIHRoZSBgQ09ORklHX1BBVEhgIGVudmlyb25tZW50IHZhcmlhYmxlLgoKIyMgSW5zdGFsbGF0aW9uIChhcyBhIHN5c3RlbWQgc2VydmljZSkKCiMjIyBXaXRoIGluc3RhbGxlcgoKRmlyc3QsIGRvd25sb2FkIHRoZSBsYXRlc3QgW2Bjcy1jbG91ZC1maXJld2FsbC1ib3VuY2VyYCByZWxlYXNlXShodHRwczovL2dpdGh1Yi5jb20vZmFsbGFyZDg0L2NzLWNsb3VkLWZpcmV3YWxsLWJvdW5jZXIvcmVsZWFzZXMpLgoKYGBgc2gKJCB0YXIgeHp2ZiBjcy1jbG91ZC1maXJld2FsbC1ib3VuY2VyLnRnegokIHN1ZG8gLi9pbnN0YWxsLnNoCmBgYAoKIyMjIEZyb20gc291cmNlCgpSdW4gdGhlIGZvbGxvd2luZyBjb21tYW5kczoKCmBgYGJhc2gKZ2l0IGNsb25lIGh0dHBzOi8vZ2l0aHViLmNvbS9mYWxsYXJkODQvY3MtY2xvdWQtZmlyZXdhbGwtYm91bmNlci5naXQKY2QgY3MtY2xvdWQtZmlyZXdhbGwtYm91bmNlci8KbWFrZSByZWxlYXNlCnRhciB4enZmIGNzLWNsb3VkLWZpcmV3YWxsLWJvdW5jZXIudGd6CmNkIGNzLWNsb3VkLWZpcmV3YWxsLWJvdW5jZXItdiovCnN1ZG8gLi9pbnN0YWxsLnNoCmBgYAoKIyMjIFN0YXJ0CgpJZiB5b3VyIGJvdW5jZXIgcnVuIG9uIHRoZSBzYW1lIG1hY2hpbmUgYXMgeW91ciBjcm93ZHNlYyBsb2NhbCBBUEksIHlvdSBjYW4gc3RhcnQgdGhlIHNlcnZpY2UgZGlyZWN0bHkgc2luY2UgdGhlIGBpbnN0YWxsLnNoYCB0b29rIGNhcmUgb2YgdGhlIGNvbmZpZ3VyYXRpb24uCgpgYGBzaApzdWRvIHN5c3RlbWN0bCBzdGFydCBjcy1jbG91ZC1maXJld2FsbC1ib3VuY2VyCmBgYAoKIyMjIFVwZ3JhZGUKCklmIHlvdSBhbHJlYWR5IGhhdmUgYGNzLWNsb3VkLWZpcmV3YWxsLWJvdW5jZXJgIGluc3RhbGxlZCBhcyBhIHNlcnZpY2UsIHBsZWFzZSBkb3dubG9hZCB0aGUgW2xhdGVzdCByZWxlYXNlXShodHRwczovL2dpdGh1Yi5jb20vZmFsbGFyZDg0L2NzLWNsb3VkLWZpcmV3YWxsLWJvdW5jZXIvcmVsZWFzZXMpIGFuZCBydW4gdGhlIGZvbGxvd2luZyBjb21tYW5kcyB0byB1cGdyYWRlIGl0OgoKYGBgYmFzaAp0YXIgeHp2ZiBjcy1jbG91ZC1maXJld2FsbC1ib3VuY2VyLnRnegpjZCBjcy1jbG91ZC1maXJld2FsbC1ib3VuY2VyLXYqLwpzdWRvIC4vdXBncmFkZS5zaApgYGAKCiMjIENvbmZpZ3VyYXRpb24KCkJlZm9yZSBzdGFydGluZyB0aGUgYGNzLWNsb3VkLWZpcmV3YWxsLWJvdW5jZXJgIHNlcnZpY2UsIHBsZWFzZSBlZGl0IHRoZSBjb25maWd1cmF0aW9uIHRvIGFkZCB5b3VyIGNsb3VkIHByb3ZpZGVyIGNvbmZpZ3VyYXRpb24sIGFzIHdlbGwgYXMgdGhlIGNyb3dkc2VjIGxvY2FsIEFQSSB1cmwgYW5kIGtleS4KVGhlIGRlZmF1bHQgY29uZmlndXJhdGlvbiBmaWxlIGlzIGxvY2F0ZWQgdW5kZXIgOiBgL2V0Yy9jcm93ZHNlYy9jcy1jbG91ZC1maXJld2FsbC1ib3VuY2VyL2AKCmBgYHNoCiQgdmltIC9ldGMvY3Jvd2RzZWMvY3MtY2xvdWQtZmlyZXdhbGwtYm91bmNlci9jcy1jbG91ZC1maXJld2FsbC1ib3VuY2VyLnlhbWwKYGBgCgpgYGB5YW1sCmNsb3VkX3Byb3ZpZGVyczogIyAxIG9yIG1vcmUgcHJvdmlkZXIgbmVlZHMgdG8gYmUgc3BlY2lmaWVkCiAgZ2NwOgogICAgcHJvamVjdF9pZDogZ2NwLXByb2plY3QtaWQgIyBvcHRpb25hbCBpZiB1c2luZyBhcHBsaWNhdGlvbiBkZWZhdWx0IGNyZWRlbnRpYWxzLCB3aWxsIG92ZXJyaWRlIHByb2plY3QgaWQgb2YgdGhlIGFwcGxpY2F0aW9uIGRlZmF1bHQgY3JlZGVudGlhbHMKICAgIG5ldHdvcms6IGRlZmF1bHQgIyBtYW5kYXRvcnkuIFRoaXMgaXMgdGhlIFZQQyBuZXR3b3JrIHdoZXJlIHRoZSBmaXJld2FsbCBydWxlcyB3aWxsIGJlIGNyZWF0ZWQKICAgIHByaW9yaXR5OiAwICMgb3B0aW9uYWwsIGRlZmF1bHRzIHRvIDAgKGhpZ2hlc3QgcHJpb3JpdHkpLiBBZGRpdGlvbmFsIHJ1bGVzIHdpbGwgYmUgaW5jcmVtZW50ZWQgYnkgMS4KICAgIG1heF9ydWxlczogMTAgIyBvcHRpb25hbCwgZGVmYXVsdHMgdG8gMTAuIFRoaXMgaXMgdGhlIG1heGltdW0gbnVtYmVyIG9mIHJ1bGVzIHRvIGNyZWF0ZS4gT25lIEdDUCBuZXR3b3JrIGZpcmV3YWxsIHJ1bGUgY2FuIGNvbnRhaW4gYXQgbW9zdCAyNTYgc291cmNlIHJhbmdlcy4gVXNpbmcgdGhlIGRlZmF1bHQgb2YgMTAgbWVhbnMgMjU2MCBzb3VyY2UgcmFuZ2VzIGF0IG1vc3QgY2FuIGJlIGNyZWF0ZWQuIEEgR0NQIHByb2plY3QgaGFzIGEgZGVmYXVsdCBxdW90YSBvZiAxMDAgcnVsZXMgYWNyb3NzIGFsbCBWUEMgbmV0d29ya3MuIFNlZSBodHRwczovL2Nsb3VkLmdvb2dsZS5jb20vdnBjL2RvY3MvcXVvdGEgZm9yIG1vcmUgaW5mby4KICBhd3M6CiAgICByZWdpb246IHVzLWVhc3QtMSAjIG1hbmRhdG9yeQogICAgZmlyZXdhbGxfcG9saWN5OiBwb2xpY3ktbmFtZSAjIG1hbmRhdG9yeSwgdGhpcyBpcyB0aGUgZmlyZXdhbGwgcG9saWN5IHdoaWNoIHdpbGwgY29udGFpbiB0aGUgcnVsZSBncm91cC4gVGhlIGZpcmV3YWxsIHBvbGljeSBtdXN0IGV4aXN0LgogICAgY2FwYWNpdHk6IDEwMDAgIyBvcHRpb25hbCwgZGVmYXVsdHMgdG8gMTAwMC4gVGhpcyBpcyB0aGUgY2FwYWNpdHkgb2YgdGhlIHN0YXRlbGVzcyBydWxlIGdyb3VwIHRoYXQgdGhlIGJvdW5jZXIgd2lsbCBjcmVhdGUuIEEgY2FwYWNpdHkgb2YgMTAwMCBzaWduaWZ5IHRoYXQgdGhlIHJ1bGUgd2lsbCBjb250YWluIGF0IG1vc3QgMTAwMCBzb3VyY2UgcmFuZ2VzLiBBV1MgaGFzIGEgZGVmYXVsdCBxdW90YSBvZiAxMCwwMDAgc3RhdGVsZXNzIGNhcGFjaXR5IHBlciBhY2NvdW50IHBlciByZWdpb24uIFNlZSBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vbmV0d29yay1maXJld2FsbC9sYXRlc3QvZGV2ZWxvcGVyZ3VpZGUvcXVvdGFzLmh0bWwgZm9yIG1vcmUgaW5mby4gVGhpcyBjYXBhY2l0eSBpcyBvbmx5IHVzZWQgd2hlbiB0aGUgcnVsZSBpcyBiZWluZyBjcmVhdGVkIGFuZCB3aWxsIG5vdCBiZSB1cGRhdGVkIGFmdGVyd2FyZHMuCiAgICBwcmlvcml0eTogMSAjIG9wdGlvbmFsLCBkZWZhdWx0cyB0byAxIChoaWdoZXN0IHByaW9yaXR5KS4gVGhpcyBpcyB0aGUgcHJpb3JpdHkgb2YgdGhlIHJ1bGUgZ3JvdXAgaW4gdGhlIGZpcmV3YWxsIHBvbGljeS4KICBjbG91ZGFybW9yOgogICAgcHJvamVjdF9pZDogZ2NwLXByb2plY3QtaWQgIyBvcHRpb25hbCBpZiB1c2luZyBhcHBsaWNhdGlvbiBkZWZhdWx0IGNyZWRlbnRpYWxzLCB3aWxsIG92ZXJyaWRlIHByb2plY3QgaWQgb2YgdGhlIGFwcGxpY2F0aW9uCiAgICBwb2xpY3k6IHRlc3QtcG9saWN5ICMgbWFuZGF0b3J5LCB0aGlzIGlzIHRoZSBjbG91ZCBhcm1vciBwb2xpY3kgd2hpY2ggd2lsbCBjb250YWluIHRoZSBydWxlcy4gVGhlIGNsb3VkIGFybW9yIHBvbGljeSBtdXN0IGV4aXN0LgogICAgcHJpb3JpdHk6IDAgIyBvcHRpb25hbCwgZGVmYXVsdHMgdG8gMCAoaGlnaGVzdCBwcmlvcml0eSkuIEFkZGl0aW9uYWwgcnVsZXMgd2lsbCBiZSBpbmNyZW1lbnRlZCBieSAxLgogICAgbWF4X3J1bGVzOiAxMDAgIyBvcHRpb25hbCwgZGVmYXVsdHMgdG8gMTAwLiBUaGlzIGlzIHRoZSBtYXhpbXVtIG51bWJlciBvZiBydWxlcyB0byBjcmVhdGUuIE9uZSBjbG91ZCBhcm1vciBydWxlIGNhbiBjb250YWluIGF0IG1vc3QgMTAgc291cmNlIHJhbmdlcy4gQSBHQ1AgcHJvamVjdCBoYXMgYSBkZWZhdWx0IHF1b3RhIG9mIDIwMCBydWxlcyBhY3Jvc3MgYWxsIHNlY3VyaXR5IHBvbGljaWVzLiBVc2luZyB0aGUgZGVmYXVsdCBvZiAxMDAgbWVhbnMgMTAwMCBzb3VyY2UgcmFuZ2VzIGF0IG1vc3QgY2FuIGJlIGNyZWF0ZWQuIFNlZSBodHRwczovL2Nsb3VkLmdvb2dsZS5jb20vYXJtb3IvcXVvdGFzIGZvciBtb3JlIGluZm8uCnJ1bGVfbmFtZV9wcmVmaXg6IGNyb3dkc2VjICMgbWFuZGF0b3J5LCB0aGlzIGlzIHRoZSBwcmVmaXggZm9yIHRoZSBmaXJld2FsbCBydWxlIG5hbWUocykgdG8gY3JlYXRlL3VwZGF0ZQp1cGRhdGVfZnJlcXVlbmN5OiAxMHMKZGFlbW9uaXplOiB0cnVlCmxvZ19tb2RlOiBzdGRvdXQKbG9nX2RpcjogbG9nLwpsb2dfbGV2ZWw6IGluZm8KYXBpX3VybDogPEFQSV9VUkw+ICMgd2hlbiBpbnN0YWxsLCBkZWZhdWx0IGlzICJsb2NhbGhvc3Q6ODA4MCIKYXBpX2tleTogPEFQSV9LRVk+ICMgQWRkIHlvdXIgQVBJIGtleSBnZW5lcmF0ZWQgd2l0aCBgY3NjbGkgYm91bmNlcnMgYWRkIC0tbmFtZSA8Ym91bmNlcl9uYW1lPmAKYGBgCgojIyMgUnVsZSBuYW1lIHByZWZpeCByZXF1aXJlbWVudHMKClRoZSBydWxlIG5hbWUgcHJlZml4IGJlIDEtNDQgY2hhcmFjdGVycyBsb25nIGFuZCBtYXRjaCB0aGUgcmVndWxhciBleHByZXNzaW9uIGBeKD86W2Etel0oPzpbLWEtejAtOV17MCw0M30pPylcJGAuIFRoZSBmaXJzdCBjaGFyYWN0ZXIKbXVzdCBiZSBhIGxvd2VyY2FzZSBsZXR0ZXIsIGFuZCBhbGwgZm9sbG93aW5nIGNoYXJhY3RlcnMgbXVzdCBiZSBhIGRhc2gsIGxvd2VyY2FzZSBsZXR0ZXIsIG9yCmRpZ2l0LiBUaGUgbmFtZSBjYW5ub3QgY29udGFpbiB0d28gY29uc2VjdXRpdmUgZGFzaCAoJy0nKSBjaGFyYWN0ZXJzLgoKIyMgQXV0aGVudGljYXRpb24KCiMjIyBHQ1AKCkF1dGhlbnRpY2F0aW9uIHRvIEdDUCBpcyBkb25lIHRocm91Z2ggW0FwcGxpY2F0aW9uIERlZmF1bHQgQ3JlZGVudGlhbHNdKGh0dHBzOi8vY2xvdWQuZ29vZ2xlLmNvbS9kb2NzL2F1dGhlbnRpY2F0aW9uL3Byb2R1Y3Rpb24pLiBJZiB1c2luZyBhIHNlcnZpY2UgYWNjb3VudCwgdGhlIEdDUCBwcm9qZWN0IElEIHdpbGwgYmUgYXV0b21hdGljYWxseSBkZXRlcm1pbmVkICh1c2luZyB0aGUgcHJvamVjdCBJRCBvZiB0aGUgc2VydmljZSBhY2NvdW50KSBhbmQgZG9lcyBub3QgaGF2ZSB0byBiZSBzcGVjaWZpZWQgaW4gdGhlIGNvbmZpZ3VyYXRpb24uIElmIHRoZSBzZXJ2aWNlIGFjY291bnQgcmVzaWRlcyBpbiBhIGRpZmZlcmVudCBwcm9qZWN0IHRoYW4gdGhlIFZQQyBuZXR3b3JrL0Nsb3VkIEFybW9yIHBvbGljeSwgdGhlIEdDUCBwcm9qZWN0IElEIG11c3QgYmUgb3ZlcnJpZGRlbiBpbiB0aGUgY29uZmlndXJhdGlvbi4KCiMjIyMgTmV0d29yayBGaXJld2FsbAoKVGhlIHNlcnZpY2UgYWNjb3VudCB3aWxsIG5lZWQgdGhlIGZvbGxvd2luZyBwZXJtaXNzaW9uczoKCi0gY29tcHV0ZS5maXJld2FsbHMuY3JlYXRlCi0gY29tcHV0ZS5maXJld2FsbHMuZGVsZXRlCi0gY29tcHV0ZS5maXJld2FsbHMuZ2V0Ci0gY29tcHV0ZS5maXJld2FsbHMubGlzdAotIGNvbXB1dGUuZmlyZXdhbGxzLnVwZGF0ZQotIGNvbXB1dGUubmV0d29ya3MudXBkYXRlUG9saWN5CgojIyMjIENsb3VkIEFybW9yCgpUaGUgc2VydmljZSBhY2NvdW50IHdpbGwgbmVlZCB0aGUgZm9sbG93aW5nIHBlcm1pc3Npb25zOgoKLSBjb21wdXRlLnNlY3VyaXR5UG9saWNpZXMuZ2V0Ci0gY29tcHV0ZS5zZWN1cml0eVBvbGljaWVzLnVwZGF0ZQoKVGhlIG1hbmFnZWQgcm9sZSBgcm9sZXMvY29tcHV0ZS5zZWN1cml0eUFkbWluYCBhbHJlYWR5IHByb3ZpZGVzIHRoZXNlIHBlcm1pc3Npb25zLgoKIyMjIEFXUwoKQXV0aGVudGljYXRpb24gdG8gQVdTIGlzIGRvbmUgdGhyb3VnaCB0aGUgW2RlZmF1bHQgY3JlZGVudGlhbCBwcm92aWRlciBjaGFpbl0oaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL3Nkay1mb3ItZ28vYXBpL2F3cy9kZWZhdWx0cy8jQ3JlZENoYWluKS4KClRoZSB1c2VyIGFjY291bnQgd2lsbCBuZWVkIHRoZSBmb2xsb3dpbmcgcGVybWlzc2lvbnM6CgotIExpc3RGaXJld2FsbFBvbGljaWVzCi0gTGlzdFJ1bGVHcm91cHMKLSBEZXNjcmliZUZpcmV3YWxsUG9saWN5Ci0gRGVzY3JpYmVSdWxlR3JvdXAKLSBDcmVhdGVSdWxlR3JvdXAKLSBEZWxldGVSdWxlR3JvdXAKLSBVcGRhdGVGaXJld2FsbFBvbGljeQotIFVwZGF0ZVJ1bGVHcm91cAoKVGhlIG1hbmFnZWQgcm9sZSBgTmV0d29ya0ZpcmV3YWxsTWFuYWdlcmAgYWxyZWFkeSBwcm92aWRlcyB0aGVzZSBwZXJtaXNzaW9ucy4KCiMjIFRvZG8KCi0gQWRkIEF6dXJlIGFzIGEgcHJvdmlkZXIKLSBBZGQgQVdTIFdBRiBhcyBhIHByb3ZpZGVyCg==",
+  "version": "v0.2.0",
+  "download_url": "https://github.com/fallard84/cs-cloud-firewall-bouncer/releases/tag/v0.2.0",
+  "asset_url": "https://github.com/fallard84/cs-cloud-firewall-bouncer/releases/download/v0.0.2/cs-cloud-firewall-bouncer.tgz",
+  "status": "unstable"
+ },
+ {
+  "name": "caddy-crowdsec-bouncer",
+  "author": "hslatman",
+  "logo": "iVBORw0KGgoAAAANSUhEUgAAA+gAAAD7CAMAAADO105+AAAC91BMVEUAAAAAAAAAAAAAGAIAAAAAAAAAAAAAAAAAGAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/0PkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABO1Pc90P8MrRk90P890P890P890P890P890P890P890P8Nqig90P8Apw9G0v0OryM90P8Lph+B3rwApg4HrR890P8AqA490P8ApAc90P8ApAcXtTsRryRGxm4AfQIAqhIDfw0Vt0MCwIm37NYAfAAAfQMAfACp58qg48ICwYuV37gAAAA90P8zNTAAfAABqQ0BqxAAoQMApAf///8AoAEApgkAowUBrhQBrBK6vbYBrxcApwuCgoLh4t/a29fc3drf4Nzs7Orj5OHX2NTl5uPn6OXS1M/V1tLp6ucAog7LzcfGycMFsRwCvoEQtirP0cw0xVcApRYvwlDw+/QBqSk7x1/Dxb8BqzEUty8qwEoBrTi9wLkJsiABrz/r+fECwYz0/PfAwrwvvcUYuTQmv0VXWFU4OjUbujgMsyPk9eTp+Ow/QDw0NjL4+/nb8txDRUEjvUEeuzoAjAMNtCbu7uxQUU99fn1dXlxvcG7U8NUgvD4Cw5V5eXhpamhjZGIBsEba9ejP8uIAphwCu3QApyAAkAn09PPE7tpKTEji9+4AqCSo4Ks0R1eU2po6PDt0dXTH68ix5LMBt2Se3qK369HA6cLN7c6C1Ii55ruKjIozja1dyWYBs1QBgg2L15EzYHZSxlxozHCZmpd50X9IwlNxz3citzIjriYNtVE+wEuo5sU1vUIsujuqrKgorT8ZriEZtCo7yfSU4b4nRSU0sdkRk0YzlbcyVWY0pcqQro0Kiiw3wOhJwu80iqoKkxwzaoInsqUzeJEzf5wepX10krMXnGHF4cVihqRgcoxmn8PC3sEzh6YBnj9Ut+Feq9KBhqI/x4Q0xNpb06MdozAKbgosNv34AAAAU3RSTlMAy4IG6ruk4wz8MfcW8XRkEJNv2cMk0rI4rItVXAybex4qQEbeTFBqH/L9zpcq4lo/u3ogqJM0eE01/WOth7xl6G7T3FT57OKpSbbmyl51xqN9dJdQW+IAAEF3SURBVHja7NtdasUgEEDh2YjvilFjCJKXEO4eZv9raaG0tC+Xtjf+JJxvD8McTZTGTCjzlo5lX7OP6nxep+WRtrkEawTAxRk7L6vTp/yeAuMOXJIpafL6e259zIw7cCXh4fU/3MSwA5dgD6+viHth2IGR2ZT1DHEJAmBEJkU90W4FwGBK1rPFRMMDA7G71pFnATACc0StaOK4DnRnV60tstaBrmzWFuImADoJWVtxjDrQRfDakksCoLHitTV3CIBnrr3Nv7DVgWbMpL1EPrYBbWxOO5r4XQ6oz3r9Oy7ggUtZtD/PexegptnpEBYBUInJOgpXBEANZZB1zlIHfrjd6fw7z/U7IHLbbCffgU+3znbyHfhw72wn34F3t8928h04WRgy28l34Eyzjm0VAK9KOroswBt7d7PTRBQFcPxCAUsLIiBooaCCokbFmBjjxvgQ93bFqkk/pvSLyIIHcOUCNtB0Uz4WtMvGhWnXdUPCvgsSoiRiiKYJdgFuPXNLh4GZqZ1pi870/DY8wT/nnjudAVnzGg6v5BBqnjfMDGaxdIQa8JKZw2N8nw0hw16w5tg7KZdKpePj418i+Fsun54csmbC0hEyZuIJa9BJybexsbG9vZ3Pb4F0Op0Bm5uby2B9ff3j+s6P7wfNKR4fqCNkxMQsM+6wXPCBSud53nkaiJnLOgfJZHJ1NbnzfZ81Cj88g9BVdn5Y8lVB5qDaeUaj81xuZWXNs7bzZY81Av9zE0K6GTy3l30yNY/tIMk7X+Wdc7mjA2YcfiEWoau4hzv1ycjX87RW5zxz3rnk02dWD7yRszrHkBY3uTozQ1puEwt4ynQ78QHFOJc6r3Vsh84v+Gpwrj/G5+kWcp1q6SBXp5tq6STm94bp9dt3kfK2XcocnGUOVDrnjvZZnfCXMxaFobfcW6agK3Og7Fzr2A6dq/pkJPUnBFkFht5qr5mC3sx558pje2Yrc6Fz7cx56gesLviGiyVh6C32iukCmdce54XiYiCazSayqag/EAbxRW9xt7CdXv5Ys3OQ+8L0ekqQNWDorfWI6VH2aY7zfMEbCGUTcyCRigrhOIDMAxVBkSAIwfe7W0kPaOQAj1+isCAMvaUmHrP6Hfo0Ovd55yFxLhsJxmNxLgykzIEA/Fy4mM951B3tscus98MZW9/I7ekpx0ifnSAM/Sq8ZPUrqXZeWAxB41xiIRiLQeVS5orKuXkQiQjFLY8qved301y92xzuQVd3x3CXk55zdg13Dz6cvkvaHYbeSs8ZZ2ycg914du5MNhKOiSqVKzIHPHJRBEQj0Wg0XFhRO79LQ90yV+83poYmO5y0Bueo67rDRtoXhq7wTxb0U7XKpVEeEmKcfJhz59NcEDP3S52DBRBa2vAoHTA93pD/mn285z6tT7/r4T3SpjD0FpplnJHL9oI3Ic3y4JK8cq3VHCJXZL4QAh+WFaX/ZCrM+M6qfdzlpLpc65lpy8GOoetmG5lyT4/Ym7mgK4b5u7mqUCBWoZq5wPlFyswrUqnQUkb7+G7i38Lyyg3oGmvDuY6h6zTl6qVc97hNx4KuZz0vBquVJ6Lx2plzisp551LmokDec8k+M/ma/gAqN6xj4AZpLxi6Lo5RKnJS0bUHxhd07c53BSlzf2xJ1nmYk2WuOczl01y0AAIZldLN+zR9poM2xjk5QtoJhq7HABQ++tBxg9jvuW9SSsdsRNOsoc4Li7LV/O/TXJG51DmvXMo8Crxrl0s37Zo+Pkob1zvZTg/dMHQdOmGKT1+Y7i6i5amhzotZaZov6djNlZVD5il55iAyX7hUujnXdBtk3hzOwT7SLjD0+j2g9GYfOWfvoXSIqHtmpPOCf+5MKq56Zg/WnOa8crVpDiJgfj6eVDxmM9uP3m3uYdo8zs522dUx9Lrd7afDdtLTLXKNDdgIsXXTXgdRNWug811pnAf1DHOgvZpHF6TMRf68eumm+d7M7VHaXP1u0hYw9LoNUidUfU16IDtDSF8XdTV04+6T8Urbefwvmfs5xWoeUgzzs8oBr1xU9Mh9M9fNu62zlzbdrbY4v2Po9bL300kiC51nf5329hGlCf2dF+LVzqOyQ/ulF9Rkw1wxzdXP7JHzYc4Jwjv5nVyOXfCffwAabkVaoWucWB+GXq8BSh2V0G8Sm2NMfJIOI72X3jH+U5myrPNotXNBNs71T/OU9jQHAgjGc55zX83zdgsf563RY/1NHUP/w965/LRxxHF87PVjba/xLn4b1zbYhlZNX1FV9VJV/RtmfcoJiVcJgSgcuHHJiQO9hMiX8jgkHCsOFpzJBcl3DpGiEimtIqJKbVW15y679jDGZj0zO7NxwJ8c2ksIsvjw+813fjNDSgHGQVt0gxSEUfM7TzMncf9ini+1PZ/Hh13n+muOLO+u5kjzWaT5/AUdkdy7DyWPQ+VcBMEyuOEMRScCKY1ET0MYkS709zAncZjniyiGu25tjs+0o57dANMcr+Z4BNe2vCX63BxmOh7IDfJN76icCyIUAzeboeikVKCGiZ6xWndQhD7W2yBnLllAnvc8ubJgNx3T0vxHO8utnt1k7oKVA8z0lx9AHienISc+gJ+0NkPR3ws+mGuJ7kunzUhuxPz8omxJHH4wdQ717bjm9vtpBl1BO5bBYQkc7vmcxf0V7KD6iU7KF+A9oXigeAI3+lTbUHRSPDBgid7G9F6DKcYkrse+2hLZftqj0+bxzt7+5sETQ9Of6tv7ezvHzdPHSw9xzU0wyzHP7xus4xNyg57HJePQDRI3OZIbik5KFnpw0VshXBqmWQ6z4CfQm2gcDtcc309Dns9uNJ8f1q5l0zj4hiVw+NLcAEluXiyJ7adv6YN9uCXjg+4Qv8HD70PRSfHCkGKJnlIUL7Rm4tQozDEUdHwk7vjn9pwMXsxbYNV8obmLLm63Y3tm7YrnncV8xRR9eeUYS94HuqRXI9AtKjd3dmYoOilJa1EeND8ZKWX8RwJgCsJxphX6DGIFLdC7ijmm+emu9RwyEfXmPLL8as++YrJssMswIPcDcJ1YCLpH6sZ270PRKb7JitwW3Uzdi0COQz/DqTU8iTtte/4Qed512nx9D723RMrmaVcxNzEtN1l7xDI2A9ymCF3Ff1MTuaHoxJQhDCDRgQZhJFmAsOqwoP/Y3lkzVOx92ryJPYdMw9F9bGk+h2lueb621sRK+qAG73noMtkbavpQdHJyF827agAMJFVVihBqTC+nohX6DkrcZ6/ZT5vG3lWjpdlRzVdwzU3q9FtsnwBXmQhBt9HAjWQoOjmSB8KA3HEc3SM5LOi/tJO43k378i5LOUc8edyh+XKH5o/WprGpmYE825JkyNuD6YDmHYmNlcuT+amiN5uizfKK4CYyFJ0CxQ9hsKhY/18MQuhXQCd3qQr6zs4GVtDnu/bNZ2fqjJ4jnq9dreZrLR4Z7NXavB3Ekq7EIRXxwEhZAV2UysUEeWcQqoKbyFB0GiQvhDAUTxf88dDFNyexDcUdtz2feYoKeo8huGmb55C3DhuNs5O35+dvT84ah1t2/XurmlueI8tNVge6pEsJSE7Ib3uxq1zVKrfZ86HolIQLEXSNaJh1yh09h4wi96Ue0zGnpueHVz1vnP/aKzp7+frdWe9ZmhlUzHHPLdGP6PfSPwduEaCxXCG6qfvWej4UnRp1rFhIF4pjKuhGJ+IP9Ewqitx7zLoeW57jmh++e92n8L56cdajfV/pXJsjzVdXN2oIfdDeVy1CQqJFBZChjFRuqedD0XnypU4E8ryJnmPpOrmy+Pxq2751TrYH9vL3Rtew3Nql5cYfy3LDc4N9+on3r4ArVIk1VwE5Usx3Kz0fis6Tr4hFv9D82dEyiuKuHkNd2L7i+dtXOjlvzq8s2g9X17qqucU0FscN1BysGuSrOUIuRq/1fBLcWIai8+Mjws697fkOepKl6ya4zc7l+duXOiX/1DqoW5pj1dxifX37Su8+KEMzGiRBUwE9SuH2eT4UHeHaa+hW2350dISiuJ+vvqy0U69ju2qNNzo9L0861+lYAoc8XzdodvXuAxHHTUACKhOAjarvtnk+FB3h2ivJF5pfiL53vy364pW7Y07xtn3rtc7Gq461+jHy/BGy3IShd/8YiEaOw/4UVMCKkr1lng9F58fHhJ272bYbnh+hzv3KfY+rT7C2/URn510N4xStzXHPNzY26Xv3u0A0OdgXn7PgLB+5VZ4PRefHXcKCbpXzvT2Uuf/SeUXUPJ7CvdOd8GsNY+PS8/VVy3LD8w363l38dFw4BPvhURxfZ3GbPB+Kzo9PdCIMzU3Pnz9CS/TOi+D2nxyi5fmvujNeY6Lvrl7R3OTxY9qZGfH3wUop2A+/zOGCKp6eq8lMOKkC95FL48a/rMjvVXRJTYYz4yVFugWif0YYkrU9f/4UnUTHNX+4itXzV7pTXuHNO+rZcc8fb9KfSr8DhFJ05yJH1Y88HwMsKOX8qFcLpD1xX/sL+eIef0DzjmYkIBZpPJ/zpypR1PuEgv7CyGTJXdHlzFQhkQpGYZtIPK1NldWbLPodnYi/Dc1Nz/futTE1R+8k1lE5t6nnTDW9fqm5JbmhucEx/SJdByJRoy4dJZWyzJ5L47GAbWAYSXirogp8KVbwRGBvKoV8yR3RMyOBeAj2JOTJVWUW0bXgtWicmsXgNYQBIToZO2Y5N5hBWVzH7c2nl0My5zoPzmuI5iquucX042m66yfEj8EWXTtIKqVZPFfLXn8UkpDS8iXulo94+uYXo4po0TO5ILQnlB6T6ES331WNqEIvMokDQr7RyWh5vr9/+Xgq/hTDg0vPz3Q+YNPv3ZobINGJOgjxY7Cyz72rIeQEpedyvpCCVPjLPC0fRZb3sWxSEid6OFeBJPi0MG3rbtMlTQEOJOA1jAJCvtPJaHu+v4hER5YbHCPPay91PrzENtPbS/N2MTfZpt9J14E4Rt281k32UHguVbMRSE8qLwEuhLOQnPiYINHHUpCcdJhO9BGbjxE4Z5yyX2DP3P81NDc9332KQnf8nUTDc1ReefE7Ev0QaW4w3eYZxSPK4mdmpCC0paICnqjEBTdTiEJGgkXVPc0RqUmuoiPN6ciGaURXIvBaMgLnMwqc59z1P9qe795DomOPHm9sbSHp+LF1GbxjTTuiSZHGiZ93j0FbouPgvVBNQCdEtZJ7miMSSc6iT6YgPZpMKrr9JQQF50XE5/iXyJc6GX8ZmpuezyDR8ddQ97doplfok/fnSHMMmjRO+CJdikM7QmXwHpBiceiUyIgEnIzsMhGZ4il6JgWZqGTIRc+IjOPyzj+DOzoZVjk3mEaiY+8kLmE3rfOkUWuDNMfZon9CWQeCGIO25MB7IBaEPEgkmT8UH2TFXyIQXfjL1TmJVHSQYo/j2KO4GO+xOH2/5fnmfbS7hj2HSjuOSj8K20SWY6BHlF/oBIhdpNsXjaAMXCfjgZyIxAALagA6wJfhI3o4BR2QUEhFn2KO49ijuKjMe4muW55vbm7+jEQ3NTd5WMfePeQKEn17ugf7NQPKnfvvgRAmoC2TwG1KlJbxb0jKDvuJyCQH0aWREHREPEkouhwVFsdpzjdsvyQWfdfyfPspEr0lucEiNnbOl5Nam16iP2NYMHwKhKBBO9LAbWIRyJWsDOiQNOiYUceilxLQKb4MmeigICKOs/8VEua+RP/N8tzgHhK9rfmDh6fUly/Tj7yfTneDhmAbOjlACD7b6LoE3EXNQt54VECDnIYcKDoUPVmBzolkyEQPw2uJqkKiuATgvkT/r1XPt3c7RH9oiv7gGYNwtL37znQ3p/T7a4JOsGX6VCZ3yQQhfxISIEdNQC7EHIke9kEeRMeJRAc2mUhMSBSXB9yX6H/ubpqebz+7FL1l+YOlpTr3zh1xYrtIZxH9ByCAnG0SJwFXqYagCNISIEVJQT6Eqg5En4hCPgRLRKLnbfohEVGcT+a/RP/T0nz7oImL/sDUfGmRf+aOeGG7SKdfMghapFcG6VE0JQKFUAAI0R0zIpJllmeS38cQ99iJThLHhQEzGoeE9AdK0Q8OTu/hZ1oMzw2wwsqdN2Siv9HJAfwJQyhigcbeX4ghz/7EJDusoudD0A28ZJ97QUAUlwTEfK0T8pdVzw8OpjHRrXK+uIhlYvxBLjd5if4R4I53sN4zFlXSo0lAgBqHBIgWPcPsObvoSZuPTuYexfkBOZ8Qi25pflBfvxR96YJFgz1sO5s7Z3ZpHMPgrZCRmZTdMpMscv8gSrpHAn2R/JAA0aKXfNAdvGSH3GCMexQ3BsjRyUW3PK+vYaJbms/ObmPnwrnzttZif7qbJ/QzsCIun0hCG7KAiA+ipMMil18y4kWXPdAlvIRz0B7uUZzE8YkWxEnL8/o8JrqpuQHjgRbKs6oH093U6UUXMRs3CqHjqagPo6RHFNJOUzwexgdtBYou+bjHcRqPy+o+00nZtTx/8mTxUnRTc4MFLPvmz2u7NO6ApZe4A3gTgAiiX7ziUaKQHSeBQ4aglxAvehG6hpc0rClwjuJKPN9iQmwbmpvPJ/54eRx90bR8dmGeKXTnErszLRo+B7xJ0e5JiccLxRBKEj4xKR4P48EDkaKXeMdxeS5T1d/p5KJbnh/+cim66bnBupATLQhM9K4TbOjG5991CgBnpNBAHWchKelxf1bzTo1NjCvKeKaan8olSCtxlqDRJCOYSAc0b66Q9cf5ii5RfL2Q8UkUchd3Xyd8HEQHaS5xHMG0XRVQ8KlOLHq99XziU0x0U/P5+VORu2u46I8tMN13ay3+0YlB+2uu7KJHZECH+JKe0ibVHnaEpwJRiGDbRMiQ6pUulhW8EZgYDUQZRWdv3H2BqYwMLlGqRX/IoehVvnFcmM+0pU5Mo/V84k/3ED8umJ67LfqG8ceR6Pyn3fMDdW7N9pL5eGFMsfk7oxXqn2wcyUNkuT+mgm6kyWyEi+hJoi8TDZR7uaJMJRyJLgW5xnEal2nLj3RiGu131TDRTctx0c90ERxi98aZOBb9W8CXHOTUrwku6b5i3wBHwq6Yo68loySa21xCpxajHET3kxTzERlcRzJAJTp5O6Hxi+JCCudnVJHo7WdS7yEemp7Pzc25J7p1u/u6U9HvAkYYfrKSgAKhJT0VkwAJoyFoz6SDqD9U6BPmeSNORR8jqOZFGdgxnmUXXQlxjONifIYzPtOJabTfW7qHeGBqbtAUK3oDzcCuWzgWHe2viT+LHgUuYldb0mVASrgCbUmzb16n+nevit+Z6HKwf56ogn5MVFhFB1ny9o49iisDGr7RiWmY5fyq6HNuiH6Gi7568WcDS91ZRP8acEWBcCCe9r2+pEcK4xyvrYhIlDNcCE0maikiTkQf6VvO81zvu/NS7O15eEVxFUDFlzoxDctzXPQlS/P795HoJ7oI0In049UWGw63174CXCkP3i56Z0n3UGiOj6tTlpNCP8NIy1A4zi66FOz3t5KkEWuERXT715nCnKK4EUDFtzoxDctzXPRFS3PhoqNh9xk+onM/kR4boLtlOlB96MpiSpSKbWFmmq/3hTnfW+FhWaEnVEDKRJRN9FFecZwcZRxEZh+MQwtlXHRL85WVY7Gin6Pja49aOBX9E8AKdbM4AWgQUdKDTN/CeNRu2oZlFi9IE0uqHlbR+/xFvwzIyUSZRFcjZHEcewUJAATxtRPsos9ammOiv9VFgER/1hZ9nVF0BECInjZVwPtE9sGsApiYhDaU6N+SDZYoX4tlEz3D4zYsxLiPRXQQ4BTHeXiVj7s6gkH0BUvz5WXBor+rtThaG0zRtcEM3S+YigESaEtjlfrpuUgY0KEEmUTP2of+Mm38EmIRPcMnjgtzew/ijo5gEX3F8nxZcOv+T63F3lqLARO9YNfkfrBUKYfj4hwuocIJRxhETxJckEPFCIvoIMUljitwCX7QRVLMos+blosX/QVv0XkPu2cHc3cNwb+kp2l7Zo3jYDHCQ5sTVAE9WRbRYzw+CTnK7c3G/7k7d96mYiiOn/toyLNJG5KGhkcehIJ4CJhYEOIz3KvuSIAoUKjK0A/ABDtbYYK1QmJgBqkLOwOqAAELCJWBDYkBp7mVGMDYf/tYvvxER8Sj/cX238fnnEkFsOhXM8/XnIl+K+OOX6JPSTJeyi8jyYFbU7F2RAAFfdEDk7FSWP1NKHcUj+PqwJWt7PEaLvpE8zVnoj/3VPTAwyctFogkmXNDb8bkAHxpqyt6L5EQNwihC4hOMxYOMYG9lkWnUgEs+o2J5g5Fv51hLPpRgtE7nRYox8xJKvg1FMP/F6Z1Ra/LYwKMKUD0svkmr2zxOJhmYKLfFpq7Ff1Gxh9Ef5mqY1v02KdOzxaZ1eiDtyDLwKqEEbU1RZ9LGE5R/ZK+6CS5HewbRnF1cryiTzxfXVt1JfpjT0WvyI6FOaasEWvNsQyqGemJXqyw9OicAUTfb/rhX6wBh3yeM/qtiear7kS/mrFqJrrtM7r0pyDPxJJtsLpilSrBHNYSfZSwxKItQPQoNozj6sDnBFPqPvZc4E70Rzvv38WXZ6LX/tMVXXI6ndVQ7CBXH+1AZ+ntEs6cvug0bxgWBMBFPNM9utDcuegC/0Tf4+njNcYCgVDjcq1MOMWajugB00DbISB6y2xzUQZ+M1dlXKb5nTuuRL98LcNYdLJK268pLfaYUT5n7uMqJZjREb3CNdC2CZzOpoziuIPAdoCr1n2iueCyK9GvTBrJ+ya6JGGdojwTKl+YNbke6g40RG+xdfSaB0TvmsRxjRowEp3r9VrmuWvRBZ6J/p9WxslOyHPqje1bbFU7gXpQcJiMGACiG8VxC0Dow/Ue/UGmuUPRr2esGYp+jACgcug25Zn9qh9gZUAx+w8JptnqGaIacLESGsRxbeRjU95hBhddKO5W9Bc3M0xFP05WOSgrCs8zXcmrPODWGKKuLnpBofkVyD5A9F4J3uh1FI6CWM84XHTRsNGh6Ms3lwWmop8hAOgEV4rIY6Jqqyzj70tkrLx4HSEzehLRlUP3UpHv4yZEbuX64NLRJYisCywuurDcpejLK8vi1++iPwREB7vAYqM7++Qbxc7CeNBYcDiuJDCx8oLXIkNqyqJX+NoCdBDRh+g+p1GBJvPK+7rDom8IzR2LvpJhKvoJAsCqOrrkEdXhdKEpyc1g0QOF1tAogaroVcZHhA1E9Ojw3+O4CIriQsI4mgpg0SeWiwlJzkRfWloSmi+t3DIU/SxZZX8eamCjYSEr7GEQvcmYRhZURW9xFijGyHf4EBjHteGR6PLZa7joQnOXoq8L08dfpqKfI6uUE+8rZlphZjmP6DHjO91pVdHLClrBTCGiV7E4rmN/Y5IKcNHv7Xh+15nor9YzTEU/SVYplvxuGles700EjKLXAA3M29EGypfdHcablRAL6/vAnzUilONpiot+bwcxyNit6Bt/FP1dqsEBskszgfNeforzQkNe0SPOARYDVdFHnJHoPCT6ADlNNCr26/XPpyks+vpEc8EjV6JvjFnf2LhtKDpZZh/8DJqfTjNhIFaNquqMB6NAuea0x3izEgJLgDRAX5DX68Olcbjodydccim6wFj0U2SZQ96mccWZJINT9B7nrUNLVfS6Qos7mFnsGzwL5AZt6Uh09H4NF31p1/PciX6CLDNKPC2CHTQTHmLVMaojxlm1gXIFLBlTx0RvVLTjuA5HrnsgNRT9ksC96DfMRL9AluklLO+mGA6WPKJ3OGfPFVVFDznn5XQx0emg9g9GgaWMN8VFXxlb7lb0BxmGop8m29S8nKcKbNsx0cucojckoiseoCqctRIhWlI3r7cHaJIJx1JY9OVLeRX9KNlmb+Lhk/RDCR+xaqnKiHG7FCifhyPWrbuUQDOOmwVGogPNpGSib+3wbZdnH3Z5spXx/j4HX7YyXnzPeP1hl6dbAl3RDxAAvHaWGsQAEB/xiV7lLFXpexHGTaOi1zWDyjbcYtO89cT97bcfF/3m58ev91NVCAEfE1YnAIa/Ep/oRc5/fMeL67UQFb1Y04rjOliJoflD1TeftzcX88Hm9uc3qQLHyTqNkm+5+6iUcBKrNryeJlOGqqIP/SuYGTOjFccVkHoM89j9x/Zirtjc/pT+k4sEgY/tGZJzGnECwFACO8+YdwfkLvsvwKL3deK4RgVfLfA07s3Xxdyx+fWfq/pJss9C4lccBwXuuOh7GKdMhqqi9zkPEIFEdDipjSPlYOUXdef2G0UVx/HZnb2yly5sL7QVWrelKFFRn4yJMT7wF5wHug273bR/gcnSILWRmlqIkLSSSIp9Eh5QqzFqTLR4IbE1GgEVCKAJLyVpSIxvPHB58XvOmTndXWbPztmes8HPzs6siWkU+tnfZc75zW5rkzwj0fz/krPXqH7HVIkubw2bmGyu+3Fhrd+mmtW5vlguer/eeVbatu08odCOy0oeiW6oSL//uPff6nPrtqESXf6N/xg9UzXsS9b2yNaevm1t9dmqMHjC2CytTr+iZwzmVP2kedHtkO//ru2yB4GYKdLf/X+Gc87afYnor1om6CMS4h1WS9lFGhBvT+eSSuWxXPSIuT6YnfAnOgiZm9E50LTooMd3Oy4iyQnNFOl3vHLi1XXKZw4faAQ/DafmWF1VS9+fskzQQWR0Wa3EzhIpgTYmuUbR+wzdSJdX3gH/y5aSRm6jy0VXH32TTEj+T40U6Y904dbvnltZOXfunXfefvutt95888tPP3njjddffz1/gJHHQS/5A8Vi/kB+pIhLvkgZoUcB50KhMDJeGKcXfBgfL4Dx8f37ceBNGabvYRwl5wM+lUqj9BhlB7uAsbFRvCjlmZmJxYkjR26sPyL7Py0t0YFcriGrhQwQGdkhC+gVfchc2ZL2L/pWc1834eZFB2Gf7bhtJpdiPN/Y89W7K5RzoFp0WO0AyWG4cyrmizhG8tRyUAS4UNFHACTHgX/aD9ELsJxeXd1ht2M7Dir6MJV7mAuONz5wy3Eqw/OZRSr68bm5m+s1pteL6S9YZggSGdGYpYDJlnufbWkWXR6zQrYxxQL+b31ENM4QUhd9yGc7Lit5souJIv1OjebLy8vw3COi5ytEdwJ7kQZ1KvoItx2eQ/ECPeNC/R6B547sBcjuBHUWz/ECpRJ1HZrjE1wHsJudx3g8L+FEbYfo88zzI3NzpxdO16heZ6XcXks/IsV8PJ6fHJUU5whtBkS3E6Ymb2Ti/kXPmfq6gambEt2O+mrH5WQ3DQwU6fer8uC7S8tgZblK9E9F6i4y97wjeh5Ad+46TC8y1YsFFtMd11k4L1DdqeZC9o30HWcAt2lEB7hA7xLshun8BVhEn5g4cvz43OnTZxZOVKu+eruFJTroIjLiCu0Uc7Mq4wOWAdFBp0QEjYrJRU8aG/SzczOig6CvdlxEd0NTPk7qr7VKW1aWILpXRP/ETd3zwnMKP0Nzajm/jFAK8J2V5/QTBIfkOBd4zo7X8DAN6q7g7MzgCTzVfEyU6G6RPlOen5+fgOlI3c9Q06erTF/7q3UlOthOpARsq0UENUinKnrE1HjMbt+ig5ChO+l2aJOi98d9pHrJhMKaeA2Pa7lV6fny0obo5x6J6KJGzzsH68ZxivTNGMEbpjvQD5DcCedI3jlOFHerdHouiSIdpg/zEl2Ec8BTd+TuXPSFhYXp6YeVpv9ruESXNH013Ao1cOM5a5sSvc/ACmC5ISCg8DeQyujao6ouOujyUVSkDXUSBTU30Ct77UsHl4Tpkq47d53Hc569j7hNd56803ehyOI5Yz+ERwuOHW7Ozv3mId3pycFvHs2Z7hxen7NLGe04iD5BU3d4fuLE9OHD1ytN97id/rxljAEiZ7ell5jy2o5dlinRc4ZWAPcQFdGDhuZ/dG5a9AEf7bis7v6C/AbbWkU8r/FciF7djWPR24nkOCOoA9Z+g+DUcByI4k4gBxAbn5w2uyjMcSrh7SbvaMpxqOfA7btTzV1myqwbh5COxJ2KXmP6LYXM3WQoFQWyTtLZpOLvVMo2JrqdMvL8uVhKKrpK9TRoaxw4rV4ODTb8HswZ7+M+W6fjDs8herXp+76+8s2pyWNgknJy9iTnPcEpzoeMH3744RvK94wLFy58y/iKcf78+a8ZP4MfwW/g0qVLv4KfwC/g4sWLf4KrV69eu3bt8uXLN2/eXJyfKfOYXobn8zSizyF1X0CNDtEPHXoo67w/Y5kDXshJdVj6QDrZmVRbWr3TMiQ6iBgpWnYTJdHtkJGn4HVpED3dsB0XMT908GnvgL58EAjPwb0rs+8fe59ZTj2fBTWen3LglsNzLrqjORCan6dUaA6o5sDRXHguNAc3J6jmZUR16jlMX2QRnYp+ZmGai35oXRLSn7UMYg8SOdmM1rkSMF3pV2rIoOhPmLjjkAkpiC6VBQzG9JVk6qIn4w1+QDJhfu/ji54B/e5RJrow/d7n74NjnEkwO1mr+Xs10VzEc655ZTQX4bxWc1CjeWU4n+fhHPASnTXdkbmz22sw/TBMP1w/pD9tGaWNyIGZeudKdGZUytothkSX/yKDdjObbQNqOVVQ44Ji9R8badCOS7fgebxPebbcDx6t9HzpO9fySRxAhPP3TtYm7SJrZ55vRHNJOGdZO6jUHHhl7W7jfRSizy8CJvocRKee05D+sG7j/UXLKHaUNGCwQ0+RkCCcQEbhNyqpb/lpSO2ewxM6FwQIAmqTfhIdRmZsBjdd6PeabsUJnhP30CsDOhedm37vJDTHi4kOy5npwnOf4RzUy9qBR9YORNbONHerc96SK6MZx3txaMahG4fUfZqZvrrRZ1BYLWO+SgchSVhVFdDb9LBkx6i2UiSk5kMoaaljBxRFB+3atxZ1JHSIDjql7bhcS570s/fRzH31qBAdnj84Bs+F5pV5u4jmXppzy+tV5z/LmnDcc6+sHYdzQkTnqfscv7027UT0qYd1cvfnLNN0kUakcpvOG5DRSkzv1DbdfEhiruIS4LBtYEpOQJ6DaHl4WayTaBJ9m7Qd1617rqV8vfu/GwH9bIXoL7uaC8tn3XjuUttr927CAa9wLjT3qs655rwJVxqr2rxWZktgj2PBDIp0nrpz0+vsYttrmSaZIo1ItFmbItZVUwDH/K50j+lbARRSXS/U00y7UV10tLT0Tu+LEF2iZxKSH5GMt2aD8wuOCRs573KF6A94F054LjSvtRxHTdour84lTTjvcM5fgJ7KYzMzNffREdOh+dTURuN9TW2gu/l+HOhK6nw6Kkz3mSJ26FvTG1IuW3pVC/SEuuhgp94bnNuIJtHBTkk7Lq2wxknDXtV3qzJ3t+t+b5IV50L0iptqOERxLsK5sFxU5z7COZDfOnf1xrmi647ba7REn6M1+gka0rnoFatmbpta/qoeBgWhpjupdl+cELnp7ZpmodqdUtFVby4m1KLpk1HSkID6JsJsv1pWEdclury32JuVPBJdK7Ul+trZjYj+kRvPRbd9lnfhuOcQ3bMHByTRXF6dc81FOJ/Zg3C+MXeCV+q8Rl+kRTrbvSZ6cTD9kGeR/rxlHtG8kRPJNPfDvS0Ox3y1Cfr0bbAPqUe/+JBKPA8RNdEFYY23PdqID4Ia5gpGNXYV5LxaM3Bi5ayI6C/z4px320XaXu+eGjxniJVwnp6rN+FKYAyiAxHXy/NlnrkjpJ8R99FZSN+oQe5oaMUZeORZtM1Wr86DCR+9roieJ0lsiauKnkkRoGUv/PYUaVb0ASIn+qTCzQ29orcRVeJJSzM7akRfFhH94KwbzMUqmQ+//unitevXL1/+3Q83pOy5scebsT3UaLjNX8xsnJ0r+8gWzLgRfeHMCaftPgXWPUR/yTKMSHl9Maiour07JOtqK48ilJPMEjXRQU9DJ2yfRiSIsuiCRn/8KZ91U2wr0Sx6LEUU6ba082J10/2giOh/c8+d8hyen9on9qNX714Dzl50dgJ8/xqfPIGj4GxvwQsb0ukngP0tYo6UM2qGb18rYciMO10GB4fGc/5296k6t9eQuzs1OqgU/R8zq+LkbST9qtu9cvO6bFFX6tiUnQkQddH74w3V7LAak+wm/gg0GTd3xvz8LWaJP4IGH6uRs7Szo3pd3FFH9KWDzg4WHPyu2vl3vGbGifkTxQNsXJwzHRKK40RHTlDVceYjImE49MbVHRc3DMnH3ZFxuHBK/FyC8DCcR3d6heZiaNwEHyWF1F3cR58CDzfWxrU4oIMh4pfBtL8g2x+MEuDL9A4Nc1Zi7UROqMlf5MRuu+Hq3ijZlOh2Y0OzOYWmp0bRnyRqZC0DvFK1o+Wsm7o/qLh7Dj7a5zEc0jnnmefUd+DMm2DgI87jMJ07zthPP/BYzi84sAOdms5OdJcq3qNsjBSOEhWdwne0AGf32hHsXmPNONf0qaq2+61WB3SQJv4JpPsbWberK+4nzXMVkiSInba/vD1MFERXe+JbVl6p59oV/uiUF5sKwlukmrdFCdEuOmgnSqQtA+yoFH1ViH6lwnOwz3vwhKM3U74Iyembj5FCFGchHRRHxtk4KQomUHDR+TwpMe7Z+cB0h+9489kT7I0XE54juu50BexxRHSxYMZT9L1WC9lJiJLruUzdIJAOJwhQML1d/u80ZnuUKIiu/Kzmzl67nmC5sNKfW9OLXEBX3ewm1jZIFAgae5Z1ImmZ4Jkq0d0a/QvqudiT+rfnhBmetfOLKNHZIeI6B5rjGHGnT/CDX3hxDty5cXwQ7Ojw8CgubOQz78OJSVKjZSE6Xxm3IBXdaiV2mCgy2N23q79KgMz2tp4ub+XkJXhfwwxfTjpOlERXD1mpyIDt8f2yNUqUCDS1PFEw2OMR1u2h7gRRIqhh+FxLn+S1w0v0e7Q8F/H84z885rrzd9654Ow+vgFdOFxY6g7cKp2Pk2KD3XkbriB0Z+NlgKs6S9zxGVcc9MRMx6kkVsC699ER0Z2Fcd6p+2tWS8lkSTMkQtlAuLs73N45GCKqpLb4eWhMuEGlkAsQH4Q2+3THUDjY27+h5kBfN7Vch+hgm/+v1/RAUljY0dsTThFVghpGY0k6Kgb4j71z+ZFviOJ4zfQ8untmzMOMGYwxT8QjEu9XRLzfr16Ymeg20X+BjSAWJMSCRFgIsbJDJMLa2los/SVi5XvOt+r07Xa7teq+3Rf1uX2rm9WP+DhVp6rOuS1H9D/8KRkeh3skt2Yc43mmjQOT7bQ9pOAU1oIVwWE5F+wv4RHDfQ1Y+Vyo5YovJSXAbTqu4yud4pC8vQbTub32Rn5Ev8pNli2IOlmWDocLqysbA4J6fX5IT0f9L5msHM9szlw6V2tEMRNx7y2HGv7viv+zmuJFir7VGJ7LXEFcl7NG/wOSE4j+PYrG5YhOxSl7C99AV+l0/RxgaNLxc67VtdizpOF8vefAKVWn6fj4qu4ywnQN6BhhPEUPLZlYS4qi50f0W9yk2VlqTJYrhynAREF2q/nTkF1oPqLo1ePGhKDo+ezUGhNjdvx9bsm1rihu+2tEv0eDOfgBov+cWwWWjnPq3pLfJvo5Rt+QSRo0NZW2DpD7XLfSX+pCqzzLYHtrhEGdI4/LKO+Fa6o8Gce5O+gWnQF94hytNCbJtcNd4SIre0drvbHmSi5O40Un9cn9Y89EFpsrXPTRt17ZEr0orvprRP8tRPQfPv30h99zRe9OyIGWEuo9M+0uU3jfrkUKuovuzMcxE0e4TlfPmXbHq8JL7p3T9mxZd0nGvadLdJ26s2Ycd9d6Rb/ZTYH6JGfvs/94/nzp5VevXnNYP9g52b32H69N5+KLbxQvOvc9JsVsdBGi6fUBuD1HdB/PfwBv5IoeMu6t0GER+KiuhjdlZO817dQC1X1sB01z3FqvYWBAtzk7Rl2i4y8gu7reaclE0xnRJaDnZd1vcFNh69LGpFjvTTsXzFzcbZjJiV4ZmKgoXvTR/+3UXXGsPfoX0X08V37J771miXci83fZQUdMx0DJYbjQ1G8Yr0fjziWgd07H+bm7+A4oO9wW3/FDZMeQab32ipyXYe81LNJRd+Lzz/sl425y02F5pjEZrs65WFMoc9FldooXnSz3D51TFX2/Nuw/XJE8kys6Nf8aovfvpmpL9ZZ+RHJsr6nw8rTw0nPZWNNFehMfvALjOTjVR6M5R7wYwSmbMl3oSVhrycSz7ryQzppxeaLf6KYCq8EUTP61sGrRq4a5uPJLBYgeceVgWqKTIU/yr7pCebonGfebWE7PP/maouf1R6fjQH60JKa3zjHSb4nkqriaDs+Zc5fRB3KL58oFl+dQXUSX5ug2iWcyrrNIp+jWkkk8zxH9Kjc1KoWvFfOr0J008ihedLI11mg6Hxn0rqmN8x94JkL0qM5d1hK9UO7ujejmOciL6BbJMehXiwFdwIiATs0puqK7a/4EbDPcamEeTgeG9FMOdBxw2n5hVSeyxSH9pZaP8g/M3OWmSPGz6MWD/P3scXDZYoToYP/SMS5LViNEp1Lji+lLO9ujim4cD5d0KZjHeyI603Amem4yjobTd0NE157Jus3GzugYLBMHyzlnp+iZFbrm2iG7hnP2SMcrlvsbLcFz4JNxEN3utPRG9BvcdDksdmd5ZrnfmZHRWTroW218YtmJPRcnOutXjO+QQpTo8VeeDlzBMB+XjejUvJ/otrlmeTlqzlScPhrQ8aV6I7LLMRlEd4nmortxyg/gOp0fdktnP1UcfbUKFCb6OxCdXZNpeq/o17lpwgoGxXFFxeWztdIYmVUXITqpzo9p3l6JE50czI0r2TlG0XnMYTCbrnCe6Y7o1JzkrNH/somembgzljOcK/jR5tnXNmRn9YlMRBfDfTzvnJURzyG4VZHiJ6jO/ugf4sAM1+g5Ef1xN30KC+rHO0WGs8tdlOikAjNGZ3PNRYpOto7Hk2+LEz3+dt2uK56nu0U307/5RkR/v1t0qyzjZ+8YefgVXuNbvvBybOJpY2AyThLvIHNzzWbu1iRd+qMDCeb43bW9ZmfdNev+MUL6R/ln3W91JaCgoL5eLXLiOl+NFJ1URk0T8FZttOhkebMxMhsuQvTIOtrWh6l4bn20e+r+Nfnms296IvqblnU/4+jPwFrdCX7hh7+Rfp6Zvrd96l18V8uRj6PoMoaoDrWB+I3h1Idz7qJTdLRes04tXvS3upJxz7pycDT+bd3Fw+KWqPQ8WnRyOOo/83rFRYtuXDJiSq52pYsSPb6RPttdFM8z2YhungMT/UdfM+4siG5z95Za/jIt5+wdhD22NjfR8QoQHC+DOgbhNHz5oC6+i+TysmAceaWrOCS215B114j+bjgZV6KJO1lbX2qMk9r6mvs76tETVxaLjxedrC00RqCGlfFoopODkRKDc4cuVvT4k/hbbiI83ono9wTNxfS+WXfuoAffZfLO2ftZULzpvyA7p+3IyPE6Ol8BER0ExfEQmO6vtUi9Z/U903tNAzpFz7um+uiaKw/LVyyNT/O9/aFMuzw62V11o4lOrpkbNf8QL7pRma3Fz2uWXYTo0d2ZyLybDJWnLaKb6OD7XNENlT0M53piRjXvVI4DUB2PLwLrN9IxglAWkuXi5BuKS7U4v0hXyzl15/ydEZ0VZpB2Z++1nlYtd7tSMTbVF7bckGzUGhGsMBkUL7qxvBD/f5qRRTd2IoP6Eu4EFiC62xulfdVYl+nZiP4N+ap/RNc4rq63OGpMt+upraZl49oa0YEZboVgRXFLx/nzrzpmq8BiNLhI9xGdnVrouVxTLdUCPav6yhhSVAcuh/hSEvlVmUcXnRxcHhPOr3FkdNHJSYzqm1uuGNHr00/FkWcsosNzH8+/R0TvV3jiLGyhd9eYASz2zAGfVlsCOg+4Szyn5oaP6RhZdiIYL11U4TpFN9m19xqz7l90Ck8wopdrgZ5VfXY01VfW6+6fcUJbh2Zxt+KGEL1A1RdRFHo40YtUfebIuUJEBzODd/Mmx5Mi+gcQ3TyH6QPW6Kq6Ko4Xo2biNN9u83fO21kA9qXQuaEZYjqB5Bx4nwWDfjERZ8fiaDvG96Tcs07dEdC7RS/bAj1DlSUeopi/shKxFNtYbAzNyiVVB6JFH131Of4JhhK9ONUvw5yiONFXB+Vf9t3kuOpJP3X/xjQfJDrfUEYq3GBjdRl9mi1O3AFLu0umHTS74nl4PLyeiudUX4Ex3V9TxdQd22u8vAbT2ajFi16+Bfrorh9fve/iqJxsDxnFrl1zbryik+Vrh9zQnmedqwJEB/XZ4+HW5guHjkSLHt+dadtNkls/CKLT9B7Rvw2iW90JPuq57Kbji/P2MEJ00MYXK0mx8gSED7G83TH9gkVl7I4qqz3rCViWjvOy86y7mK5T93cz5Z7LuEAfxfWl+UvqbhT2Zy/721DKVUEhooP9jb91/VL+r6wY0Un9ir9zvba5WnUuVvTRuzOduInyBEU3zQdFdJpu19j0ErroTsPxxTW6hHSekrFluriutnPOLh9oDjAAMZynZl7pzN/hu0e213hN1dd7huZe9HIu0LupXjM7VOH22ubsYcWNzvLuwlzfGfv2Rj3vEtxCPusuiv3V9c1+sWxxYTd/wnK40IfYtWx9Y+GyWr8Z+xUn+Su+jYU+xKXIDxoktyX6ZHlBRee0Hfz0/U85Z90t3d6VjzNaQARn3YlQ0/3cV5zgLVUtISemd9bnpjoMz5x+FdmtmarCCjOcun8kogMWh3y64v4dLB9e0v8/u9ql21esHlbd+Ng62lifX1xqGEvH83uXXHNQcRMD5dO3UeN5yf4Ei/PrGydbbqJU6qvr86jxXLM/hf6rXnYTYrlWQEv0WNNVdJhO0X/KE13lJrK11ikYp70bOtP2JgvM+Lpxbas74Qu7A1/n2UaAgZFcu7XQ7wv1HC+z7uyPrhH9o+w11YdKmojrQ6V+dOXqJVesL2xvXraIKuPbC3tXzG4cbRWmX6W6vFWvby2vVdzUqOCPcLCPP8FUqe4f4N9DteImy9URLdEL40mIbp6DfttrtlLP2A6/MdjMvXMlnXP3l84tlENzQt/l7RSQkgew0aL4bWl3u9TSfdadoj9SiqssiUQfKseFtESPN/2e74PnYMAanbK3rMCM1XWXNxycOQc6bdd0HGlmRA+hnKt0loHVn8y9K6www0FqxtntNZR7BhrSk+eJknNUTEv0+E22e6g5yV5qsak7scYNbL4GKHu2rrvAGlJEjsvAeGL9FfHx9dw1oIPuenGh8gQ817bJnLqzlFQQvcQba4kE2C6mJXq86ff4PJzwa+4anak4M505OBZ75ipdR994DZr7+pAYGdVtf01DOr51EMs5cpWOFTro9GXqnHXngRkV/V0/dX/CJRJlph7REr1YrnsKnlPzX/uKTtc7u2tAZ/ECs3AI6RSd91Q1FcdDsO3QfY2OK3BcRj6Kr+puCfcQ0jNT906FmYddIlFqtgtriR5vOjXPFx1CexjTeRm9b113gFgOzQV8+6OwCmtPWO8GwnwcXlP9gudgs1l3nnXXSy0fSaeWO10iUWp2IlqiF84dT1Fz0L1GN9EZyK2wu8byv9Z1b7EbUzjwzpNxvI7e7qkDaw0WX7Hb6NYiPVSB1eE9W6Mj646NdEzdk+eJ0jNfaEv0+Nm7iT6wbTI/mWYtkJ3Lcx/LITZ054EZao6PDkD8tjqwtqcGzfUBGHnQXQYG9FdR113LPcPzL9ioJXmeKD2HRbdEjzf9V2XgfXTO3c10bqBjkLHZ1JfnZZh3DxdVYXoXzMSp7IPrunPmLh0ceNQdJ2bgeVqfJ0rPZlwfpuK56jnR/Lff+mbd5cOvll+o59Z1Pyc6a2+eq+VwHiMFt7m70FvX/ZVsXfcLzcdpWXeJ6GzJhJD+Vsq3J0pP/z30uaqbJjT9t19/y4vo2VQ7LcegmrORKkZEc3xJ+r1ttaRY/bXtv+C3JOIyovObvRVDHdiwiW7VnlkcMpOMS/vnidJTuaz44q/xpj+PgJ4vOuF1lpYl5fyddKbbNaxb0p2tGzDgxSAR3Rqv8b1gFOfAbDtHKn7BSTzQiA7P2U31oXQeLjFllvcq7m9YKEfFiX48/1fR3+yUe85uprf8SVjA7XNGc8A1OqHkPhXXtK7J2TqwLPZMz1/FL8ithBMzPBlnt9eS54mps85eeAOYbTRKdcz9L7yYG9HNcSousTz0VO1Ax2XkA3glPXunpd1x3dJx/poqHk26q+GM7Aqn7t705Hli6uwv4T553Q1gt9Eo1zH3HNMHTd0pewuyt+weeoucsS4kH7FbikmFzDsVt+7oNJ2I6LBbbRfHZQzBnKYzorOb6n1Vl0hMmb0GWFqtuH7sLDVKureW4bqHBpZ7BvqL8ZzGazg/E+dDEk5eDeXsj463SdlDMo6PLNQ1DcdjcTRdJafobNQiFWYoeto+T0yfrZpX9sTlU0eFn7LurWWo3tfvCGynvyIG1oyzis/WkgmPfqC6PtBbHzn72vSS2yqdvZLx8rKqXmbBxxef6DRZfP1LnIx7KKXbEyVgrxHYrOfl26+uNfqzWKY56b1e9O+y++hmuzxqO3XXfXRWgJWR9Z55KA5fzME1w7Rd3zYG20jHI+tzXmBjyh0/guTyJRFdknFp2p4oAxrQTfVr93s0371s6p2Sh+fuh/IjOt4WTbepu1qOoI6Xd9f08hplt8oTL/Hba07H1XVTXVxnMk4dx0cH9RyFJzBzT9P2RCno3TjbvKS+5sjayRWLjYHMuHJRvS+nlJQVheTILXS/Pm/KAl132VgDlk1VdYWOj26uWUS3qTsfrs45defmOX6o6Jn+6GnanigHB3kT86XjzcvnZ44bpPwp9wx39opuVWDFb6be9WEuLvRNxqeptHlshp1a2py+h80167LIVTpefqnjprv1R8elljRtT5SEIbrRlH0PvXf6ntupxaTHLwZ0noK1fFz3NrpWe9bT7qciuhWMU6+pt2biCPwmMNwOzED0NG1PlISDxgjUtlwJqdz5dvcaXb/1t15OxRCW6KBlZ+MAd9DxHSrA6oC0exueA4yctOObxgO9vmamM54r96VDMomyMExAL/Ep93xuva+nrjtvqLKhgyXdz5l3xw+M3FgLzVp4WqYpj52L40eGi9A42epNiOf6BtfBY+lOaqI01BsjMFfeNgQPP0bRuxukS2kZxnMA10V1wL4NwLo4qOpNoJZLWGdAt0KwvmMLHc8eg7WAfvu/pRdL4v/AEF0sS9Nu7R9Rvf3NzBqdgyXeobs+UBxy2zY6/W437eGdlqB4Wx33eTjznOgxmXA2Dtyfku2JErHzX5y4e+6+30d0s139FmB2aLIoM/YWgObivN1o4aenazI+wPqvQXO+kFz+Dhzn57F7XSJRIkYJ6Juln5ve+4BpzkDOJg5WeEJehnJupLckD4dXP5qMk1djuSlvDdIRxmUE6jlexnQ8t6c9tUSpGCWgz5XhGvrfUL3zAdtV4865yE7T8YrqQtNXk9IvfOTVHXTJxzHtzmhuYCv9Fbu/BpiRYx7u9pRrT5SM+UY8R+7fQOXeB85C42R5iUhul9LPhWA5gN4c9V6LWN61Uuci3fbW+C3FX4VXr0+aJ0rHYSOeWfcvoXLvgy+fmencWiNqN0VHUOfems7dgUhOz/GY5RjCYRkdwrydh+JeTZonSslmI5p19+8BqrMArNjuR4byM33OO6dlhJcY1FlJqsv0tibieACW91r4+JpxSfNEKTn4H8Rzz8M+qp9lV+gs744vX/Q5C4+6+2k7XiJ2c8h0Y4LoMlx/Z0rBJcrJNSuNODbcv44nbn+NG+msDxkkF8ebDO/NcGBGxJavpu+uCFR3v8Fm3VqoO+P5/fcmzROlZeuyRgS1ct1BH5bqvfefESsDq55Tc7vUYkdm8PGKn2aur6nmVvD5Fa098didac6eKDXVvcY/ZuUa92/l1jsfFMu95xh0fX6mBd1puT8ogxduE67Rqbq1U7V2LViZp0NwifKzuvRPb6b+2d7ZrDYMw3A8tKPrRjZI2UcpIRD2Ueg1GFNsjDGB0vMuOY2Bn2DHvf0UWzFjsC3s0trVL4mdB4iQZEX6R1A//4Ut02EOLDp0r49u4cEhM0E52Q5l9A6ecCaHONU11R79b0ME0VPPLl7Gcx6vOx+Ytsx46TVYYHVZOvau9ZsNoskuW+9xa2e9lQd/rqWgkJ2Ih9titFcvEjlyagTTr4AfJxW6WqwL4oHe0MMcqa+F9Dc8h9soThE7ERv55GpMcl7VWUI0Qmqsobsw3rt1uO3gzL14shda7IKMgzNyCtiJKJlf/3UAf7c+3u7zf7MVTIG1Y3YO+PY1uPyOwsmhzrYxku/JyImYycvZjyNfH6tllixzMHdp3l1+jhbuXrx9Y9S+U0zsKSUn0qBe3599Hwh7s3rOsxOgaQXnjEmpjNHafuidUUoyxrloKVQnkmOaXz6Ui1VVTBbl07I+3Cf+CRWg2ejcJux2AAAAAElFTkSuQmCC",
+  "url": "https://github.com/hslatman/caddy-crowdsec-bouncer",
+  "description": "A Caddy module that blocks malicious traffic based on decisions made by CrowdSec.",
+  "stars": 6,
+  "downloads": 0,
+  "readme_content": "IyBDcm93ZFNlYyBCb3VuY2VyIGZvciBDYWRkeQoKQSBbQ2FkZHldKGh0dHBzOi8vY2FkZHlzZXJ2ZXIuY29tLykgbW9kdWxlIHRoYXQgYmxvY2tzIG1hbGljaW91cyB0cmFmZmljIGJhc2VkIG9uIGRlY2lzaW9ucyBtYWRlIGJ5IFtDcm93ZFNlY10oaHR0cHM6Ly9jcm93ZHNlYy5uZXQvKS4KCiMjIERlc2NyaXB0aW9uCgpfX1RoaXMgcmVwb3NpdG9yeSBpcyBjdXJyZW50bHkgYSBXSVAuIFRoaW5ncyBtYXkgY2hhbmdlIGEgYml0Ll9fCgpDcm93ZFNlYyBpcyBhIGZyZWUgYW5kIG9wZW4gc291cmNlIHNlY3VyaXR5IGF1dG9tYXRpb24gdG9vbCB0aGF0IHVzZXMgbG9jYWwgbG9ncyBhbmQgYSBzZXQgb2Ygc2NlbmFyaW9zIHRvIGluZmVyIG1hbGljaW91cyBpbnRlbnQuIApJbiBhZGRpdGlvbiB0byBvcGVyYXRpbmcgbG9jYWxseSwgYW4gb3B0aW9uYWwgY29tbXVuaXR5IGludGVncmF0aW9uIGlzIGFsc28gYXZhaWxhYmxlLCB0aHJvdWdoIHdoaWNoIGNyb3dkLXNvdXJjZWQgSVAgcmVwdXRhdGlvbiBsaXN0cyBhcmUgZGlzdHJpYnV0ZWQuCgpUaGUgYXJjaGl0ZWN0dXJlIG9mIENyb3dkU2VjIGlzIHZlcnkgbW9kdWxhci4KQXQgaXRzIGNvcmUgaXMgdGhlIENyb3dkU2VjIEFnZW50LCB3aGljaCBrZWVwcyB0cmFjayBvZiBhbGwgZGF0YSBhbmQgcmVsYXRlZCBzeXN0ZW1zLgpCb3VuY2VycyBhcmUgcGllY2VzIG9mIHNvZnR3YXJlIHRoYXQgcGVyZm9ybSBzcGVjaWZpYyBhY3Rpb25zIGJhc2VkIG9uIHRoZSBkZWNpc2lvbnMgb2YgdGhlIEFnZW50LgoKVGhpcyByZXBvc2l0b3J5IGNvbnRhaW5zIGEgY3VzdG9tIENyb3dkU2VjIEJvdW5jZXIgdGhhdCBjYW4gYmUgZW1iZWRkZWQgYXMgYSBDYWRkeSBtb2R1bGUuCkl0IGNvbnNpc3RzIG9mIHRoZSBmb2xsd2luZyB0aHJlZSBtYWluIHBpZWNlczoKCiogQSBDYWRkeSBBcHAKKiBBIENhZGR5IEhUVFAgSGFuZGxlcgoqIEEgQ2FkZHkgW0xheWVyIDRdKGh0dHBzOi8vZ2l0aHViLmNvbS9taG9sdC9jYWRkeS1sNCkgQ29ubmVjdGlvbiBNYXRjaGVyCgpUaGUgQXBwIGlzIHJlc3BvbnNpYmxlIGZvciBjb21tdW5pY2F0aW5nIHdpdGggYSBDcm93ZFNlYyBBZ2VudCB2aWEgdGhlIENyb3dkU2VjICpMb2NhbCBBUEkqIGFuZCBrZWVwaW5nIHRyYWNrIG9mIHRoZSBkZWNpc2lvbnMgb2YgdGhlIEFnZW50LgpUaGUgSFRUUCBIYW5kbGVyIGNoZWNrcyBjbGllbnQgSVBzIG9mIGluY29taW5nIHJlcXVlc3RzIGFnYWluc3QgdGhlIGRlY2lzaW9ucyBzdG9yZWQgYnkgdGhlIEFwcC4KVGhpcyB3YXksIG11bHRpcGxlIGluZGVwZW5kZW50IEhUVFAgSGFuZGxlcnMgb3IgVENQIENvbm5lY3Rpb24gTWF0Y2hlcnMgY2FuIHVzZSB0aGUgc3RvcmFnZSBleHBvc2VkIGJ5IHRoZSBBcHAuClRoZSBBcHAgY2FuIGJlIGNvbmZpZ3VyZWQgdG8gdXNlIGVpdGhlciB0aGUgU3RyZWFtQm91bmNlciwgd2hpY2ggZ2V0cyBkZWNpc2lvbnMgdmlhIGEgSFRUUCBwb2xsaW5nIG1lY2hhbmlzbSwgb3IgdGhlIExpdmVCb3VuY2VyLCB3aGljaCAoY3VycmVudGx5KSBzZW5kcyBhIHJlcXVlc3Qgb24gZXZlcnkgaW5jb21pbmcgSFRUUCByZXF1ZXN0IG9yIExheWVyIDQgY29ubmVjdGlvbiBzZXR1cC4KCiMjIFVzYWdlCgpHZXQgdGhlIG1vZHVsZQoKYGBgYmFzaAojIGdldCB0aGUgaHR0cCBoYW5kbGVyCmdvIGdldCBnaXRodWIuY29tL2hzbGF0bWFuL2NhZGR5LWNyb3dkc2VjLWJvdW5jZXIvcGtnL2h0dHAKCiMgZ2V0IHRoZSBsYXllcjQgY29ubmVjdGlvbiBtYXRjaGVyCmdvIGdldCBnaXRodWIuY29tL2hzbGF0bWFuL2NhZGR5LWNyb3dkc2VjLWJvdW5jZXIvcGtnL2xheWVyNApgYGAKCkNyZWF0ZSBhIChjdXN0b20pIENhZGR5IHNlcnZlciAob3IgdXNlICp4Y2FkZHkqKQoKYGBgZ28KcGFja2FnZSBtYWluCgppbXBvcnQgKAogIGNtZCAiZ2l0aHViLmNvbS9jYWRkeXNlcnZlci9jYWRkeS92Mi9jbWQiCgogIF8gImdpdGh1Yi5jb20vY2FkZHlzZXJ2ZXIvY2FkZHkvdjIvbW9kdWxlcy9zdGFuZGFyZCIKCiAgLy8gdGhlIGZvcm1hdC1lbmNvZGVyIGlzIHVzZWQgdG8gd3JpdGUgbG9ncyB1c2luZyBOZ2lueCBmb3JtYXQKICBfICJnaXRodWIuY29tL2NhZGR5c2VydmVyL2Zvcm1hdC1lbmNvZGVyIgoKICAvLyBpbXBvcnQgdGhlIGh0dHAgaGFuZGxlcgogIF8gImdpdGh1Yi5jb20vaHNsYXRtYW4vY2FkZHktY3Jvd2RzZWMtYm91bmNlci9wa2cvaHR0cCIKICAvLyBpbXBvcnQgdGhlIGxheWVyNCBtYXRjaGVyCiAgXyAiZ2l0aHViLmNvbS9oc2xhdG1hbi9jYWRkeS1jcm93ZHNlYy1ib3VuY2VyL3BrZy9sYXllcjQiCikKCmZ1bmMgbWFpbigpIHsKICBjbWQuTWFpbigpCn0KYGBgCgpFeGFtcGxlIGNvbmZpZy5qc29uOgoKYGBganNvbgp7ICAgCiAgICAiYXBwcyI6IHsKICAgICAgImNyb3dkc2VjIjogewogICAgICAgICJhcGlfa2V5IjogIjxpbnNlcnRfY3Jvd2RzZWNfbG9jYWxfYXBpX2tleV9oZXJlPiIsCiAgICAgICAgImFwaV91cmwiOiAiaHR0cDovLzEyNy4wLjAuMTo4MDgwLyIsCiAgICAgICAgInRpY2tlcl9pbnRlcnZhbCI6ICIxMHMiLAoJImVuYWJsZV9zdHJlYW1pbmciOiB0cnVlCiAgICAgIH0sCiAgICAgICJodHRwIjogewogICAgICAgICJodHRwX3BvcnQiOiA5MDgwLAogICAgICAgICJodHRwc19wb3J0IjogOTQ0MywKICAgICAgICAic2VydmVycyI6IHsKICAgICAgICAgICJleGFtcGxlIjogewogICAgICAgICAgICAibGlzdGVuIjogWwogICAgICAgICAgICAgICIxMjcuMC4wLjE6OTQ0MyIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgInJvdXRlcyI6IFsKICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAiZ3JvdXAiOiAiZXhhbXBsZS1ncm91cCIsCiAgICAgICAgICAgICAgICAibWF0Y2giOiBbCiAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAicGF0aCI6IFsKICAgICAgICAgICAgICAgICAgICAgICIvKiIKICAgICAgICAgICAgICAgICAgICBdCiAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIF0sCiAgICAgICAgICAgICAgICAiaGFuZGxlIjogWwogICAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgImhhbmRsZXIiOiAiY3Jvd2RzZWMiCiAgICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAiaGFuZGxlciI6ICJzdGF0aWNfcmVzcG9uc2UiLAogICAgICAgICAgICAgICAgICAgICJzdGF0dXNfY29kZSI6ICIyMDAiLAogICAgICAgICAgICAgICAgICAgICJib2R5IjogIkhlbGxvIFdvcmxkISIKICAgICAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICJoYW5kbGVyIjogImhlYWRlcnMiLAogICAgICAgICAgICAgICAgICAgICJyZXNwb25zZSI6IHsKICAgICAgICAgICAgICAgICAgICAgICJzZXQiOiB7CiAgICAgICAgICAgICAgICAgICAgICAgICJTZXJ2ZXIiOiBbImNhZGR5LWNzLWJvdW5jZXIiXQogICAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgXQogICAgICAgICAgICAgIH0KICAgICAgICAgICAgXSwKICAgICAgICAgICAgImxvZ3MiOiB7fQogICAgICAgICAgfQogICAgICAgIH0KICAgICAgfSwKICAgICAgImxheWVyNCI6IHsKICAgICAgICAic2VydmVycyI6IHsKICAgICAgICAgICJodHRwc19wcm94eSI6IHsKICAgICAgICAgICAgImxpc3RlbiI6IFsibG9jYWxob3N0Ojg0NDMiXSwKICAgICAgICAgICAgInJvdXRlcyI6IFsKICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAibWF0Y2giOiBbCiAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAiY3Jvd2RzZWMiOiB7fSwKICAgICAgICAgICAgICAgICAgICAidGxzIjoge30KICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgXSwKICAgICAgICAgICAgICAgICJoYW5kbGUiOiBbCiAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAiaGFuZGxlciI6ICJwcm94eSIsCiAgICAgICAgICAgICAgICAgICAgInVwc3RyZWFtcyI6IFsKICAgICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgImRpYWwiOiBbImxvY2FsaG9zdDo5NDQzIl0KICAgICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBdCiAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIF0KICAgICAgICAgICAgICB9CiAgICAgICAgICAgIF0KICAgICAgICAgIH0KICAgICAgICB9CiAgICAgIH0sCiAgICB9CiAgfQpgYGAKClJ1biB0aGUgQ2FkZHkgc2VydmVyCgpgYGBiYXNoCmdvIHJ1biBtYWluLmdvIHJ1biAtY29uZmlnIGNvbmZpZy5qc29uCmBgYAoKIyMgRGVtbwoKVGhpcyByZXBvc2l0b3J5IGFsc28gY29udGFpbnMgYW4gZXhhbXBsZSB1c2luZyBEb2NrZXIuClN0ZXBzIHRvIHJ1biB0aGlzIGRlbW8gYXJlIGFzIGZvbGxvd3M6CgpgYGBiYXNoCiMgcnVuIENyb3dkU2VjIGNvbnRhaW5lcgokIGRvY2tlci1jb21wb3NlIHVwIC1kIGNyb3dkc2VjCgojIGFkZCB0aGUgQ2FkZHkgYm91bmNlciwgZ2VuZXJhdGluZyBhbiBBUEkga2V5CiQgZG9ja2VyLWNvbXBvc2UgZXhlYyBjcm93ZHNlYyBjc2NsaSBib3VuY2VycyBhZGQgY2FkZHktYm91bmNlcgoKIyBjb3B5IGFuZCBwYXN0ZSB0aGUgQVBJIGtleSBpbiB0aGUgLi9kb2NrZXIvY29uZmlnLmpzb24gZmlsZQojIGJlbG93IGlzIHRoZSBnaXQgZGlmZiBhZnRlciBjaGFuZ2luZyB0aGUgYXBwcm9wcmlhdGUgbGluZToKJCBnaXQgZGlmZgoKLSAiYXBpX2tleSI6ICI8YXBpX2tleT4iLAorICJhcGlfa2V5IjogIjllNGFjOTRjZjlhZWJhYTM2MjVhMWQ1MTk1MTIzMGE5IiwKCiMgcnVuIENhZGR5OyBhdCBmaXJzdCBydW4gYSBjdXN0b20gYnVpbGQgd2lsbCBiZSBjcmVhdGVkIHVzaW5nIHhjYWRkeQokIGRvY2tlci1jb21wb3NlIHVwIC1kIGNhZGR5CgojIHRhaWwgdGhlIGxvZ3MKJCBkb2NrZXItY29tcG9zZSBsb2dzIC10ZgpgYGAKCllvdSBjYW4gdGhlbiBhY2Nlc3MgaHR0cHM6Ly9sb2NhbGhvc3Q6OTQ0MyBhbmQgaHR0cHM6Ly9sb2NhbGhvc3Q6ODQ0My4KVGhlIGxhdHRlciBpcyBhbiBleGFtcGxlIG9mIHVzaW5nIHRoZSBbTGF5ZXIgNCBBcHBdKGh0dHBzOi8vZ2l0aHViLmNvbS9taG9sdC9jYWRkeS1sNCkgYW5kIHdpbGwgc2ltcGx5IHByb3h5IHRvIHBvcnQgOTQ0MyBpbiB0aGlzIGNhc2UuIAoKIyMgVE9ETwoKKiBBZGQgdGVzdHMKKiBUZXN0cyB3aXRoIElQdjYKKiBBZGQgY2FwdGNoYSBhY3Rpb24gKGN1cnJlbnRseSB3b3JrcyB0aGUgc2FtZSBhcyBhIGJhbikKKiBBZGQgc3VwcG9ydCBmb3IgY3VzdG9tIGFjdGlvbnMgKGRlZmF1bHRzIHRvIGJsb2NraW5nIGFjY2VzcyBub3cpCiogVGVzdCB3aXRoICpwcm9qZWN0IGNvbm5jZXB0KiAoQ2FkZHkgbGF5ZXIgNCBhcHA7IFRDUCBzZWVtcyB0byB3b3JrOyBVRFAgdG8gYmUgdGVzdGVkKQoqIEFkZCBtZXRyaWNzIGludGVncmF0aW9uPwoqIEFkZCBwcm9maWxpbmcgaW50ZWdyYXRpb24/CiogQ2FkZHlmaWxlIGNvbmZpZ3VyYXRpb24gc3VwcG9ydD8KKiBBZGQgbm90ZSBhYm91dCBgcmVhbGlwYCB0byBSRUFETUUubWQgKGluc3RlYWQgb2YganVzdCBpbiBjb2RlKQoqIENhY2hpbmcgdGhlIExpdmVCb3VuY2VyIChmb3IgdGhlIGR1cmF0aW9uIG9mIHRoZSBkZWNpc2lvbik/CiogLi4uCg==",
+  "version": "no release",
+  "download_url": "https://github.com/hslatman/caddy-crowdsec-bouncer/tags",
+  "asset_url": "https://github.com/hslatman/caddy-crowdsec-bouncer/tags",
+  "status": "development"
+ },
+ {
+  "name": "cs-haproxy-bouncer",
+  "author": "hellracer",
+  "logo": "iVBORw0KGgoAAAANSUhEUgAAAQQAAAEECAYAAADOCEoKAAAgAElEQVR4Xuy9B7gdVbk+/q3ps3svp9ecdBICCYQSepWOFEFQBMRyvV6xK1dFUFSwYgEUsYCgoILSa6gJIYXkkHr62efs3veePrP+z9pJMGDKSaLe358z6+F5eHL2mpm13rXmnW99FYHdbARsBGwEdiCAbCRsBGwEbAR2ImATgr0XbARsBN5GwCYEezPYCNgI2IRg7wEbARuBf0bAlhDsXWEjYCNgSwj2HrARsBGwJQR7D9gI2AjsBQH7yGBvDxsBGwH7yGDvARsBGwH7yGDvARsBGwH7yGDvARsBG4GpIGDrEKaCkt3HRmCaIGATwjRZaHuaNgJTQcAmhKmgZPexEZgmCNiEME0W2p6mjcBUELAJYSoo2X1sBKYJAjYhTJOFtqdpIzAVBGxCmApKdh8bgWmCgE0I02Sh7WnaCEwFAZsQpoKS3cdGYJogYBPCNFloe5o2AlNBwCaEqaBk97ERmCYI2IQwTRbanqaNwFQQsAlhKijZfWwEpgkCNiFMk4W2p2kjMBUEbEKYCkp2HxuBaYKATQjTZKHtadoITAUBmxCmgpLdx0ZgmiBgE8I0WWh7mjYCU0HAJoSpoGT3sRGYJgjYhDBNFtqepo3AVBCwCWEqKNl9bASmCQI2IUyThbanaSMwFQRsQpgKSnYfG4FpgoBNCNNkoe1p2ghMBQGbEKaCkt3HRmCaIGATwjRZaHuaNgJTQcAmhKmgZPexEZgmCNiEME0W2p6mjcBUELAJYSoo2X1sBKYJAjYhTJOFJtMcKeHOjAJdtKVotKmpC1q9r+9p+mNZ3JQylVkcpqssh2tzgvzGaQTVtJ2qTQjvgaXHGCOEEN45lW0Y870Iqe+e2l0rJn/zyqh8gWBqxZlN3IufPq77sj1N/4FVyVuWD+Y+RFG0FXPpq796xiFnTQWqd49lKtfYff7fQcAmhP931uKARjKcycQk8MUdplnUKZWaEfUNbduG+d7efyaE214ce/zVrHia2zSgO2K8eMNxrcv29NBfr8r+8pmR6kcABOj2Sq/eeErPUbvrOzw8LOiUowlYH2+y2KQtxeiNeMcQQsYBTci+6P8UAZsQ/k/hP/iHP/LG+C2rJuTLgMJa3EGv/9gJ3RchhPTd3fn3K4e/8/jm6uc9FEr1tDlXXr+s69w9jeAPrye+9fiW9GdMi+fnNVN/+cKJsy7YVQrZ9boHXxm8bXVWuxAhmprpo59a1hH8bHu7r3jws7Pv8J9GwCaE/zTi/+Ln/WpF6snHhwqnAMPCTA81+tE53KzW1lZ5d4/pTxQPWT1WvDzq829AlizMC8Cfm5qacu/um81m3YM5/cg874kWc7XZrRHupWUdgcd2d0/S93frC4+/lqWPohEFC7zq2ssOaz+rNeSY+BdP1b7dfwABmxD+AyD/Ox/x29dG739qpHQxpinodlAjHzm6+dA2r7cGACZCyNr12ePjWETeqqPF48ljjOlksuqX9Ex7T3vPatIvJ0nNxUwm2tPevn6nyJ9IVII8r2rhcLi667126grGMRYfem7jw2uycDJDI5jjMV48b0HXRV1RV/rfOW/73v8eBGxC+Pfg+i+561QUdE+uGP7SBoW5jBWYmkuu1k7pCVzp8bByoVCQOjs7lV0HkslkYpFIJLXr31LVakTPZjtUi3KBW1TCkchmL0KFdxLJuPhuqQNjTBHCGR8vB14Zm/jftOWeT1OUEbJK64/tnv2/TU1IejcI5BoAoAGgoQC19Qz/km3yL72JTQj/Ujj/dTd7aWP6g1uBu0jQjGKrYDxy7Mz4g+TuhCTIS5VOpwPRaLTQ39/fGwwGR+PxuDwyMuLN5EtHtXXPfAsxhhRNpcqot/dta8PExERrc3Pz+Lu/9FsGhs/K50qzujra/x6PB9969yyGhoaiXV1d//TFxxhz69dvmuvxiJMdHR3kd7R58+YeQRAyHR0dRKIg5g9rx5jh2U2Zj63JGR+nFFnjHUL59Hb3NT2t3oF/HWr2nQ4WAZsQDhbBf8P1qVQ18ud1Iw+sLlnHIQPD7BDz6nmHdlzQGXGlMpmMC2OHk6IQXa9no3XVYmfP6FyHENIKhYI3n682W5YR8HgcW2KxWH7nsWESY4c2mo52dMSGdw4ZY8xvGx5eEvR6h4PB4Pj4eHq+xVhGezz+Dp+D0dFRf3t7+zuUhBhjZtPg+Eyk68jrFQebmpoaEkEymQwXi8VWn883RlGUbFkWVuNxqxMh5YH16dsfHyx/QqtUIeyli1cd1nrGIS3BFf8GCO1bHiACNiEcIHD/zssqFRy8Z8XQ86+XzHmmxUG3IOfPmR+5NIQqLzEMg1paWtBkJr80MTl5Rntn208EgJJlWZamaUY0GtU3bdo018E4ZE/IMxkIBMpkrOl0OqpSLrot7Jwk/y6XcSBRSi+MOOjXd9UPZLPZeKVSaenu7l61c475fN5Tq9XonaRAJIORkVRTtl4J9zSFt/r9fnlkBCiXK8cyDEOnUrlDOI6XwmHfUA0AVctlntV14+kUvuu5ceMsygBo9ujFDx/afOKcZv/afyeW9r33DwGbEPYPr3977214G89lWpufXj/8yw0l9QgTeHFWkH3jiDbHDaJWknRJmkFzrlhFkhaG4rEXfR7PcgZrBZZVZZcrRpSJOJFIOFIF+Xhwx/TDvPoLEAhYWwYnDxHdwWRbhJ+sJBKOqqI4mnt6kgghc3dn/eHh4blut3s4FApJpRK4J4upGbM7Y+vHx3OBkq4EzUrJvWDB3NfItSMjI7woijTP86ymsbyGtcjE2OilTqdro6VqFRCMhJfii28p/LlvpqyrQLeYoNMYPK4j8JW+ruib/3ZQ7QdMGQGbEKYM1X+mI3H06ejosEaTte5J3ZxbLhVntwc9T4Y4s18QBN6yLM/IePoThUJxrt/v28QwVM7N02tpjsrzfKBgGJYWj/sm/75y6BsvDZQurzL+IEsjnaIYgUJYDUHxzfcf2fWx3rj7n3QF757h8HCy40+bKncmy2afgjk/bZk1kecoRSoL81qdfz/9+J5rWgDURCLBG4aBMcYzipXaIppiuUqttsAhiJPN8fhDPI8m/H6/kgCgqolsi1GzBJeXrzgoXy4WQ/X/DLL2U6aCgE0IU0Hp/6APUcQNJhLdplR2zpgxp58oEmu1mq9e16PjqeS1Lc2RBwWGGTFkI6xpZa5Qrh9i8qICFi7xnDC2LgNXP7gmex3n9IKl1kE3AGgawcIoeuLL588/fapTuu3JoQfXjpTPsHivaCgyEDMBTxt4SQv927Pmej+mKAqrKIpoWaxPFCkqFAo1jiQYY/fo6OT5TU3h52k3ndPLNFuMJ1PcAId6enoMIpmkUilnLBb7J0Igug0AICZT4u1I3LLfYT6d6tjtfvuPgE0I+4/ZQV1BXvS1g6nTkNtvSAYKNnn1FzpdrneYAne8UFQul4sV0ulmfySySTAEQaIkd7kmL9YMI9DZEv9zvV4HihJ9AGqVoijKEgRTqtXEWi4XXpMVPvnXrfrlrCEDZaoWEj2UgVjocSsrbr5o3pFTncT3Hh/90+rhwjkqJbIOGkDTdBAdHBwSMv9+ejd8UhTF9LvNm+Pj282UIyOTsyr12pJQk+t5xLilmMuVHx7uDyPkQp2dnSmimHy36ZHoTx7fPHBLyeK6TUtEx3cLX5kV9bw61fHa/Q4OAZsQDg6//b56aw0vuPepdfdlsLOvoNPURxdyHz2hr/XOXW9ESCOXy7kUzEVT2cycjkhTQ8GnqpIrm00c0tXV9ayu6yJN03XD4ByiVTMNntdqpumkVLVANP5/fGXghw/06/9NAQYeNJBMGixGgMPi9AtfPavr+KkO/LYnxv6ybqx4hg4cx2p1AIYD2TTh2JnBP/7XCa2X7viC704PwSSTSa6UV47yOfAWZyhUMwzDSBVqLSznVWa0+4Z2N4axEu6+8/nVj4+rfK9uOuHqQ+mPnjCr/R34THXsdr/9R8AmhP3H7KCu2FzAR/3k6W0vF0EAFqtwydzATafPDd6ww2mH3JuIyCYhhWJxyDM6Ki1esGDuc4VCwTmaLR8XdVtrkaOZ4nlsmrVaKRwO1xMJEKAFgE2nqWg0KiUAhOWvpe/525u5i4jXAjkqaKYFIk9Dp0d789rzDzmyFaHduje/e3Lfe3LLoxvG4YyqgsDHyaAZJpiYg2U9jns/dmrX5XsDg4j+k5OFSDqf7ls4b9byZBLYYm1kRgwZQ4GeHuIfYb077mJdWjn118u3PpTWeSfHUnDpAv8Np88I3XRQoNsXTxkBmxCmDNW/puOQgvv+8OK2Z8bKUguHTOnYsHD/SfObrtd13QiHw2q1WvXqui4UdLEF0aKeyYwdFgr61ul12VWW9e4j56R/XSx2OYgGL1CpaFmnkwHg4zTNyoFAOgfQYeRyUviZjcmfP7sxc5rChnisq6DrOlDIhJlBavCS42ZeMrPJ+ca+ZkT8Gn74au6NrRNqj26xILBagxBYxgFHdHmeOHue56r2kCO1p6AnjDFLnrFu09DJArLqbDAykUtl5jT7vW9JCDtnUOY21NQkEeKo1WrecrnsSyto4cYifVmyLM/UNZk6aUb8xiU9/t/ua6z27/8aBGxC+NfguF93WT1ePb9Qr88KBXxrQzy/rcUDI4nEYDuwAVExdFemCqe8Nli4rKKCU5NrlOhwIdPUwSmwpYuPCB3vZRhZVVWdKORIcJGiKIZhtOCdfgCGwYmTsnFcuqrPVauqi2WoMb8/vAVzNE8pddEB5bKHolKurtjWAEINP4V3t9HRyUWlqtZheN31eh2FKIbVy1K5OVcqz434ghva3MyrczpDK/chIbBDuWrns5tqd4yMp7p5pweXalVPIOirqoruPLLN+ZMzDm36RiKRnmtZKtfW1raWKBBTGDvTyfoxbhcz3OURtuwXuHbng0LAJoSDgu/ALibKtHQ63RqLxYbJV5SIzeRvtVrNP5atzlw9UvzyE/2l00zeB5SlA3AOMAwDAg4EXzwp1umk9Vw4HNaIyF0oFBzBYLBCRkIchgqFgsBxHF83TRfNsoqczzeLorjl3cFJk5OTbZl6fVl3LPak2+3O7JwJxljYujVxusMhTrS2ht6RUalUKvm3JZOn9cbjT3izWQl6erQ9SQc7xzM0kev49ary00NpuY2iAEzAoFoIwFThtA727yfODF7v9zvSOx2oMMZOhFC9XC4HZFlmYrHY22M7MLTtq/YHAZsQ9get3fRtiLupmscQDJ2iapQss2o0GlWJ9ny7D/8IXyh4OI3jeAwQAlXFplxmazW5KRSKDlu0KPB6vc66KKlex1VybHiyv/i1+1YkvqIiJ3BaAQzaCSa2oMnH5n5w8YymPeU7ePfwyPOfWrXxtzO7Y9/mdX2UYTw+mlbrfr+/RCSLuqb1JsYKVweD7mfCLZGVyURiSTlbOS4Uib0Y8HLreJ4vEA9IWZa1eDxulMtl53A2f8bC3u579we2mx7etmpzUj1MN1RgWRrqJgK/k4Nz+oRvn3NE55fJ0UTXqSDisAchRLOgliqVWqBe1wLxePx1coTieV43DEP3+5MywGyixCQBUnQikWBYliXWUNidCXN/xmn3BbAJ4SB3AdnMhmGIDMM0lHR+v1/KZrNBBXNOJAgUZVgKa9aKxKef5/mwZdFxWa60Gqrqcvj921jEImSqrEZRKtb1ZCQSGX78zcy3730t8XkZc+CiLVAwCRC0oD3qzX/33LZmtJv0aLubBlFUvrx26M6ZEc93eYovuOPuEiEqEm9ANJc07WY0rEUTY6nLc7nSEdFY8IlY3PuI14GTLpdVIzpKIsWQe5MYCoSc7lR+/Ji5fX0P788YvvKX4cFNGaODoVBDj6FiBCyy4MxexzNLm6zP8TxVYZ0sZ2BxhkAhjgZ1QjURkynUL2wNC3calMAAQlWRqpUxdmMF834LYxOpKtKj3hSfzdLEZbpcLqvvNoEe5PJOu8ttQjjIJSe+/zSts4bBEBEeVOBdW1OlT4zXzGMszit0O/D98+P07T6fr1ZKlVpURB+ST09eirHJCA5HQtc1r2EZtAoM5kF7IxQK3f96Et/44BuZ63TgwLAwYEQBjU1oiXjwZ05rbWsWYWJvovrOKWVL9cMmh4eOmr9g7s92aPRNkl4tFqt5XS5XPZutNMlI80yOTl5arSjzeI5NNTX5HvIEnP0cNk2KclY9Hk+VSCTDGAuOstpUKWbbvE7/5kjkn30n9kBKrm/+fWTdxgmpGyMElKUBpnDDwenM+c1PLwnLX7IslVF1tb2mU6cJDEW7aH1QA14czSsXzWsP3II4R7/IQIJIBYMl7eTVo7WPGxTn5JCWPbnXeYWX54uqqhqqqlo2IRzchrYJ4eDwA3KuJj4BgiDoCkWxVZXrfnL90D3rxqpdCueFOV5z8NTZvo8GjGKmpFinaoz78Gw6ucjnFCZ8geg6D6UOUqxDBpc7LWJ1o9frHXh0Q/4X9702/lHNpAGBBRxNAWVI4Hdx8Mnjmk7taY2sQAg19AZ7ayNp6chcvTKnNyj+GeMSliRWdblcomRJHtZkjVqt1DeeLp0bCPoeawmHV1ZkuSUxlr7G5/aPtbUF75NlGQKBCrFcEBEdZbNZzjRNUZIkf3d399Z9PZ9IKAPjmZN/+Wrmz4kycugYgYO1QNcksDANZy3ufvT4PubDomkaDMNwFQO1IF3ysEa1XqyZR42X4BMh3njGsKhJsPQRimWULTJ/2ZPbqmdrtABeDsMnD3Uujftcm71ebwOP3cVm7Guc9u//QMAmhIPcDURCCAHUqrrOI7cblRAXe/ClbX99M292yUII5gm19CkzAzfE+coKluWdDBKaCoXkMofbv5EWAwUeGZOmqXI8D5O0ClVnODy5daJ08lC6dFpZw6F0DRb53M4R1pLUkEhlIi5+yElpSiTkfcrtdm/dm6QwMJpdxOvlMu/xpCxLdESjLpL4BCVSlYXlWu4ouaB1Nrd6f+ZyubJut7uWTqcZw4B5qVz2AzRNK9Fg+I+Yp9JNgUAyAcAaIyOYfIHf2ppYMGdGy7o9QUeIoCDLzdmx1Cl1McAUa3I0W5baWIevPJHJH+9z8kmfQA13xiJPRxl9BcfpgrmdFIjLMlYx41EtM5bJlq9oCXl+xSJuq65XNIyxY02e+q+H3kx+RgYeAjw2Pn1kfDHPGenWUChLXJ2nIjkd5JK/py+3CeEgl7dUKnWTW2gaUbgLdAGzkZc2JX4wWoXZeY0Rjw6pjx0zI/JFByuXLIvrQYzYlpoYOSHk9z/OCq4R4KiqKcsBmrZ0w0BSNBpdT+5HTG8CAJceGju0r7v9WfI3YkUAACqRq5xfrtT6OE7cMqM1cN+O37YrGrbrhRrOTW9uGTvG5UcpyuGvWjLjEfVCwjRN/3gy/xFOYGp9ne2/c7lcJM8BIsq5lpYWnegYcrlccyZfPKFQqrR2tzXdFYvVKuO5piCjm1o87q6u35pcPH9GfKfJkSj33hFzMDZZPTZXTB/eGml7Phzm1uwK8dB4bnHIyw263e4iMTHm8/nWRg55jLFlKQ7WYnSOYTSNNrh0Mnmu2xtYxVvUcKC5eTKTyYT7S/SHX9ia/izl8Os8MrUPzKRPc7JsWddDpXi84ej0jixRB7m80+5ymxAOcsmTVXU2Y8oCC1BmGKZWqVSqsmW1MCxrFCrSPEnCc2fN77wdFwrNGs3NUTEzc2xg20mzezu/gUxLwli3aJrWLIvYFzUcDP4jOUk2i926PNTX1Nb9DiciYqKs1yGYyU/Ox8DjsmKEXl2T+q+KpLsojjKxxdKGVZGrVaPJJzoqJktRDKbpnpj+dHsT/6TXHUg7gjAAFZD3lJCVBB5VVbWjUNAPK5W0npXbapcCRjrFIa0sKaGIkxvULaeLZ82qbKkCa9HGsYdG7vQ59BHEMGJfR8vzRPG4M9XaTpgHxzNnuJyORMTv3ESIJJfL9VIURfIoaKZp8hSly4QgQAWYmBy7hG2ekfJivDxsyZMQjWobtoycgRiU9XLUCM/zxKOz5nA4RFVVOZ2mmaZAYOwgl3RaX24TwkEuP0kewum6AE6MVdXgGMYt7fA6rGazY02Tk8WTwmHP625KLGgsyxmG0ZpMJo/t6YnfA3UAZySSJwlRa7XaLF3XqUAgQCIbG62UnVw0obBnzW4JfQcAyJfvnyL/JnPqzFWbxj98/2ObP183eZA1DXhaBMFpgK5SgFQEFoeBMS04aZH3b2cf2/Px5uZAdipWAmK2HEoWWzcO5C+7+9Gt39JMBBalA0no6sSGKRkOmjcAKOIsqcpwyuGBB993Ut//NAcCySQk+Sa0PYvSzkbul0hmzgWgHC3x0OMAoFer+WZdN1sxzWPLolRANMnpAIim64VcegnmnZWISL3AqipXxWwwlU8vbY1F/kT8Kggx5nI5ked5DmqATNE0iEn1IJd0Wl9uE8JBLj8xxxGTF8dxYqVSqcTjcTVZrfoFg3WYpi5U5Vq0UCq29rQ1P04iEguFdLtl0U5R9I87nXS1XC5LLS0tWqlUmkekhGBwe05D8vIUCoULSzVlTldb07f39gKvGywcfesvX/lbWed8DCuApVkgq1ngBS+wggn5WgX8ghMuPqnrWyfOD387Eok0XrqptldfHz7tJ395637Z4ryaKQHNscBrCtYoLzINGbBIA8gaXHPBwm+cd1T71/d03+3xGdmjajVlWWtr613kvS8Wi4cDgJem6ZyGcd60GNWysMEjupYppGYZGHPNIf9LLMty2ybLpzsETvJy5hscxxUqJu9wglQjhOApFCTo6CA6BLtAzFQXdjf9bEI4CPDIpSRrsQNjq6ozIkWpdNzvHyF/J5LD9hdbdCcy6aPdLn7Q7xK25fP5Fh3TwZAvslW0sCVTMmVZlshxnAtALAcC4hhJkU7SDmwdnbylycf/1eUNEqvC7rIYiwghedXW9Ek/+u2ah0sm5zBUExwcDxSjgqRQQIMKFs8Aa2A47+joj648a+Gn93fKL68aP/0Hf970qGaJSNdVoFkKGF0Cg/EBTytQNVRwcwJ88PTeb553dNv/7oUQmEpFPjRTLFzU2t78MwQgFPLFEziGSvIYDxiaVvMilIZwmDh26Ylt21rqqhrsmzv3zWSyGs6X83NjIddWmq7Wdd1pEGLb4fUZoGlaDum6SWIj9nd+dv9/IGATwkHsBuJ2nEwmWdM0cUtLC/kyYRgZYVBnp0I2arZeD4Wdo4XBQedhybLS19IUfV6VNU9V1mdEQ6G1TqOuIRFVKIoKmKbpoGlD9vmiQzsiH/mtw4nvBtzOV0Mh/8MNFwcAolQkzyF5BN6OVnxjtHL0rfe88nhONl0UtoCzEFi0CiZ4wGE4oWpp4GZp+MBJbTddeFL7jVP1dNwJzfNvDp/2gwfX/1XRBJ4CChDNAKOXQWUcIMgApoMDxjThQ2f2fvO8Y99JCDtTye8gOaFW09onkuMf6uvtvg1AEfJVfQFlGHkArYxUXKUcjkq1qoVkWmAlRXNzyoTudMaTk/na4R4XGp/V006UrmiiWvWQ+hKTk5MOp9Mp6DormgwlRLw8KRBDNLx2UpUD2Ns2IRwAaDtEenpwMrNkUw5dzIFWj7rZF6Jhx1pe1xsOSoqi6A6Hg69qQvCFTckfvzVZOdYCVNMMS2A4p9dBaYW+mHv1cbNDH+EswwGgEif+uiMUmthBCFz/5m33tre1/5Z1cOspDVwIgajoWpNq6E4LQ7ZYLnkdBj/cP1E/5e6H+28yOSdChgZYM4DiMGjYDQwqgUIh4BFtXnxC23cuPWXeV/Z3yi+u2nbOjx/u/40sMV6BdoBhAbC4DArHg4gpKBkaOFgeLlzWfMfSub6f8ghRBkK0L9BUJKoPHsASBEIdoCkAvm2bB788b2b3N8m/y+X8XKzrJmC6xDmdmbzKBFZtmbh5S7J6SFGlXADYUBmv15IqwuJW4b6TZ8U+TdNyI5tzNJpvlKwrlZocqTo9a6JYeZ9FMcjvoNd3e+nHd8ZH7O98p3N/mxAOcPXJF+8LT6b1bG4SYTEMR0XMJ64+un4OwGwrmc/3sqJY0k2TmPHQva8kn1oxqiwQiPO9qYFBc8CyGPqirvFPHBNeWNMgjLAZs0zT644GXzGqyqxyXV06NDJ8TTTg67cAJGRZiCwWSzMqxzPDPMv00zS7TRSZiRXDyuW//sumH+bUGrCMCUgmnr4kjMgFtEVBjSuAgES4/MTOWz5wYt+XyNin6sBDyOnZ9emLfvbQhvvqUgW5WAfohhtkKAJHC4AsGSgUAqQX4MoLZt68bKb/uwCiR1VxtKpW5gI23Kah+zVDjVKIt1iaJzkYz+qd0XOX0y1sNutSE0+ZGd2yCpyDSui6W/nrhuQjz2+rHoZITReKB02qAcuyMK/Fsf66Y4LLiOIQDw8TOCEtirThcAjpifKy76+rP0SZFLC8Bl8+sX1eT8D9toL2AJd52l1mE8JBLPlXHh0sDFbqfoNyw1Exes0JIelzyDSDBvAzRZbZSFFmmuPE3EObpQffSMIcy9QAaQoYlAN4pENfk5A5o0X9b0DQhgC3G7oS8PiCgxTDWEDRYjKVOWbBITO/wFBUFjgu6wJilwAigRDbP7G5NyogrRmon37rHa/8NaeqHMdTwGARgFLBNGngsAC6WCMCCHzwlO7vXNhJf23X4i1Tmf7fX91y7a//Nny7hWlWrdaBE0Jg0hVgKBZkSwIKPMDiGlz9gflfOGth+3fffc8dxwWXLINHUTT/xm2bvxMKB1exDBTHMspltKUAoqHC0bgfMWL/S0PaV1YktDaG5kA2FPA6hYb7dlRQc5ceFr1ExMWSpDMh06JCLqQWZYp1JbLa4j9l3NczmAGWluD6o+OHzwzvO+fDVOY/nfrYhHAQq337s5tfHSjrC6qKJS7tDj56XBP3Px4B1RSTa0OGjEA1CrJVdv75TfOe1RlmvkmpwFEEcg8gvQrzO9iNlywKvI/HmCgVgQ6LJ2cAACAASURBVKIo3ufzka8aKwMEhgfHv9DR3fotBwAJStpjhqM1A4XTv//LlX+pkGxpNAVg0GCgGtAMB4wBUDckcCIBrjz7kBsX99DfITqPPfkf7OZlpp5YP3Lxz+9d/xue97OyVAGgaECsAaYBDSlBl2kQaQk+fPGCG85c3LLX7EaN5LEjqSv8Ae+WgEccKNWMOaZR8xsYm5ailCQNm88OyD9fPlCfT5DCDA+6UgGKQtAb4ccvOix6sZ/WxmiaJlIOMdzQMu3gMunavPs2ZX4LGlI4F1SuPbrvjJ4Ab0sI+7m/bULYT8B27d5f0I9SipIvV5ZmxtzUhkN6Ik+n02kHEoSohbEVK5VS6ZDo+dOL8pMrxrUFGiMDTdNgaW6g1DIsme1affkhnuNNkw0JAiBd15lQKLSNKA2LdW3WRGLsurl9PZ8mVZn2NswNo8rJf3qk/546NoBmGLVc0loMq1x1eX0a6CaxYtBaTaJPWNpz51FHRL5LlHH7mvaO8msk45H+xOuJqx56bMMP3b5IieFwDWONqktKGFuC1+u0Bi2d4QVaV04/se/mpXOj+8xuNDqafD/P80o06n+5kk0uYSyDB0FMGBquaMhZf3RL4f5H1+ePIUcGDUTwijSYqgydfjNxzXG9x7VFhUESvk2sCjW329lwSFAUZd145soZ3d2PKZTAzfSgLbtL4rqveU/3321COMgdQMTh9GA6WNWqXRG3sBV5yVHfg6oqBC2lzI2UpWNe7Ff/d2PWiGqMSjyLgLa8IGAFDpnp2/TBBZ4jiMig63qRoihE8iEQCaFYVRZVqpUj2psiP5mKO+7OzU/+v3zlpktFkZpYPL/v+c2pVDtvMXylUG1/883155xw1vE3tHg8FWKvHx7GQmfnnl19if5grDzmXbd844dDoZYtzc2xNe3toUbKtOWvb7hIVdn4yUf3/Zxo/VM18MTdiMQT7LNlMoWjNU3vam6O/DWXyx3DcZahY97EACWd57NPrMrf92R/aqnIcZpi8hwxcZLkKq0+qnRSj/OmuIdZGwj4x0SRqiiKwhAxQc7lgjKl0L29h6yZSpHcfQ5ymnawCeEgF75YLPpIbYJCubbUHwwnnBwql+tKV7mmzQSpWvQ1hV5L5dHhqTqabVAKNkydpyyHt14udTkcinRMb/v1CGnIsqxkNBolbrukOKqQyuYvkTQj3tUcvXV/zYQvv7zuuljQtapnVs9q4g8RCASk8tiY+9WB5JWjufrs7t7o82Axhsh6qowpGxSNLbPhBAmIxoAxQ2PKNClMU8z6zfmznZZRuuTCJV/ZNXDorbcGTkjl1MUnLptzy/5CmM9X55SrleM725vuyRalYxjGrGoG+GnKSvIUNbxiMP/5wYy6JObhnzcoCgkMzhpAh3xOPjEvRD1RLBZ7Kxru9Dq50UiAW2+wfsfg1omPxmPuP7ZE7UpQ+7seu/a3CeFg0CNa7lKpizHreqZsnJ6va0dFeHqDrKouzhVItoQcf6nX63WSQSmdTvPk/yQ4iRgbxsaSszOF7KktseannU6urGkahTGuhMPhSSJ1JDK5S7CF2dZY+Df7G8H32LMrfzJzbtNdXdHW9YQQiImOlGR7/I3RK2/99XO/El2sioClLUyBCQap0NwIiNoBBfk3UVaScVqVepG94sQlt1977sL/IWnVdxZ1HRzLHb5ucNsVFxx/5H/tL4T1er1pcjJ7bk9P+6/K5dwcBjOmalkiTRsZS6oZE3npMM4XT3hZ462dWZCI5EPSxQUCKaWa9HsqNN1czuV6kaWKOudvUU1XV3er8IOAyzVIjjm2H8L+rsr2/jYhHBhuxLW4kQsxUy73OLWylKtSS9dtG7l+blf0tx6fb6VF0wYLxZKCmlDcJyR2mvlIqTav10tKssUnS+rZWC6J0XD0CUFgGrkDvV7vaCM1WCp7Ms1w6aawb/X+DJGIy489tvbew47quiHq8w3ukBDqABvpR1Y4rvrRH9b8XEMqGT8YgIFtOEXuuamMAR84YsbdFy5t+mRLSwuxbDTKy09OqrNe7H/tS5ecctwV+zM+0pdgt2Vg+Ly+ns6HSqVUK9IoWhdFxrIso5JM9GRk3NfW3ftYi4cf39VlmxxxOjpAzWazTuR0enDdcIBec7++afib4WB7siui/Dzc3NuIrrSPDfu7KjYh7DdiZCMPwADlzXrZcLhu1NIhD3a4zFxxcinHcTVV1ToDXu8an8/ZKGC6ry87kQQ2DqY/7gqgNW3+yEpyricJVwzOcAwOJM5r8gdf9zG+YYXBfopCLEe8dEyDt0RLNXSDcWiOlCmYutfrJTERbsuy3JLBBZa/tPyHxxy58LMiy74jueqLmyZP/eodrzyhmAoIFgKVpoHFe3fosygDPnTK/O9ee+bCL5A5kWK0oVJILEt65/MrVn/rfcceexVFKfWdiV53Byr5uhOJI51Os8SZqFr1utdszF87a2733VGXK73zmolspa9ezLb29nY9N9UvfLWKI6lqcqGHFlNqvehRAUSvK7Je0Czd3eyuwgAg1LudxOy2bwRsCWHfGMH4OBZdrhI/XKJOI6nPDIt3etlSP1IUxHG84Qy4c2GPZ0iSIJrJTB7b0dH00FSDbEpppTtTz3cFO5tWBhGqVFPVCDgB3uwfvmx2e+9DBlMtIKR4TIEzHNhhmmbNpVMMizDnQQYlWZZSUlW17HK5eIyxR9Jx8/KXXr352KMP/++WaHTLrhaK59aOnPG1X738qEkZ4EAcaBQDltFw9ttjI5LEB0+c86PrzvtHDAQJ6FJVpvO519b88OSjZ18Vj9dTCPXu8aUjRFoqgVNVa1w06iIJXrnx8fRxra3RF3YNtBoYHV3kd7m27Y1c3j3QVKEw10SIbfb71xLdy5ubNr1fV3Tk9oQGC5ieqSE6YGKr5uepVQtbQ6v3RdJT2A7v6S42IUxheYeKxfZKnel6sD/zSKWsOA2GQsfGzHtmN/N3zmvveWOn0o+IqRMT6TOdTu8Gv18kov+U2pahoWNqluU8tLv7+UReDqmWLqYnE0dE/LG1glMsKWo96uCg7mTZDCgln8zyImadGSfGVqHgkTo6wKilawGDZ8SaYnS8/Opr31p25OL/Rgjn4vHtwVakLV87csYNv3yxQQi8RYOMUcMMurfGUACXnzDn+1efs+B60o/EDjAMQ2kaanr+1bU/O+64BdexuyhE330v0j8er5uZjMdX1Nioy4ELGEt4Ml3p8rNsbsaMGSQvAmwdmZxV1+iWhTOiT08JtB2dtm4dP7+3t+XxnX4aFYyD1clJR7KGFj26NfXDfolvFxCCpU3ep09rbjp7b1aV/Xnue7WvTQhTWFmSLKSou7p+8MbkeqVGATh5uKSF+trphzfdtFO03VlPQJKk5sl0+qTujo57pyIlFAq47c8vbLp75VvDR4aCgaQmWYJJYQ6bKiUgTiZeBBSNmZlt3o0nH9b7GT9Xz+gcp/p8vnoulxNIsyzL1DRN0ADclYo+d0P/W/99yrJjPgygFHw+H8mI1GjPrh4576bfrfgzIQROxw1C2K5P3HOjKQ0uO3H2D649e8lnSK9hPCx0ok4lk6nFnnp1+S8Xz573XZfLt9E03fXW1nc6T+3wZaCJQvW1LdWblq+euJzGUNcxgG4g3kszOYPVNbcgSplSOhwNBnJXX7josqYpkimJHNU03BSP/6N+RCKbncGY5oQieCO/Wpl8Y6hcD1gGgiObPC996ri2Y6ew3NO6i00IU1h+ogg0WE/ox28MbaiWLVHlBf6CduFXx3b7vxqJRN6u3Exy/pG4ptFE4pxwILDS4WiUOdvrIZ2IuTfevXrNG4PpWZqhAm3yQAsMGHoNRIoEEvGATQPmtTsmr7tw8TkiW54kCUlV1YwKApM1DInneSpP1GgazQlj45nTh4ZHLzvyiEXXc4ZeD4WaGl9g0p5aM3bp1+9+5T7VUhtBScALAObejwwW0uGKE+f99LpzFn2S3GM8l2vmTJPXWNa1clX/jbM7m+9qiYVXKoqihMNlPZfzccSfgmVl1jAcRpWqUlSVUp7sz9/x8HMjH2RYB6jIAE2jQDQR6Oz2SElgAfwcVfv6J5cu6g4L+0zgSsYyODZ2eDQQGHPtoocg6d9CodDE4GB2xm/eTL6c02k/IJZZ2Op67Jojm86cwnJP6y42IezH8r/w5tilHOerFgGOD5jFzSKuVLrat+c7dLvdJIFpw7NPluXmfL7S1NISfX1fZ1aST+EHv9rwyoZkvQeRLzc4QFbVRj4DQg4aZwEyLJjVIiY+ffnSUx1CpUirYtiyrG6eR1s1jfZgrBuKIrkMzIubBoevz6ZzC3q7257QlZJmIKagK7UC1vn6pnx14b0vZa9weZ2AFB1k0wIG/VPh5ncgQkyTR3W71x03O3wfQ2m0auEml+io8aKHfnPjlg/P6Y3/prWl6RGOpyss8DUS2kgaTxSgBqcydU3ytnnLdz+y4Rd/fj5xDUngorEyGBYFDpMFnQXAigI0L4KHQtI3rpl3TG9H+B15GHe3RERROTaWPKS9valhhdmZqm0smTxcy4y5q5qDNmIzdagX9LpFR7y8nljYHW9U0bbbnhGwCWE/dgcpyuL3++WxstriYKuyrJpBq2L10jSgYNC3UhTFndKCMDY2uaCtrYkQwl4/wRhj8aY7N6xasSU7h0Tp0YYAdVUB0U2qnXGgoBLwjBNmtTgnLzq1+xMiLrKlKlxWqcizTKVYq0tcwNTlmmHqmBdd5vDo5Gyn003P7Gt/jcP6ULwj/nuHS9jEW4Hya9sGP/Dd+1f/wgQdWM0Ci2u8tntFgGE4uPT42Xe8/+jZX8C44B5N5I+pVirzVc3semvbyJk0suSmpvg6RZKcpmUihqYZUXQYHq8vxYv8UJPH/5iOtfJT67JfeX515VyipNSZKhiAwGnyoFMa0KS8m8lBzCmWv3hl1yl9Xa3vKCG3uwEmk8UOl4upu93ut70jy+Vy7+aRsWuag/57m5ub+5PJJE/8JrZhzPcAmFM5wu3HdnhPdrUJYT+Wdadtu0EM5bJaDQadJH15rlyeWymVYm6/f2vE6yWxCJDNZpsMw+Di8fjbSr3dPWoSTzpu/0lq3YaJeq9m5oAxBHA4nVA18oAMF3DERwizEHVr5tJ57KMel2oC7Wv3eUIaQ1Xybpd7G8sxG50COy46PaW1b26+zeV2TXZ0RG53ATPq8/mID0TjrX9y9eBl37pn1e8NpAOrG2CyfMMfYa/NlODacxbffMWph3yV9CNmUY3ReEZjQms3D9/I0pTU3tn+Cx1jC2saJ9Xl7ppUnyXLakxVVaquaZSu17LrR/EJG8fds7GBAbN18naCQyWEQOIvMKjgAD9Dqzd+qm9uTyQysK9l2TYysrC3o2Mt6Zcn1pVEehZN06ZCUwG3S+hndV3eVX+yr/vZv29HwCaE/dwJxISWKattrCXlWE3j3bFYBmPsaqRHTxfbdamODNYjrkpaV2u5UT8db85zhi4xLC4yDKueMyf8/V2lhizOur/947dWbkpasxhaAaNeBUH0gGZhQIgGMC1ArAaz2yLD157ffWrEssrYYVlqzdtB8ZZsWYpOaiiQAiomLXIvv/rKz7s7u55ujUYf4DjIenYJZHr0tZGrb/ztM3fxvAi0KoPOuvcpIQDS4LrTD7/l8tPnfqkhmo9jsUonnTrPCxsHRz8n1aXWJQvnfg4ACt5qVSm73UTJSdyvPZIk5UjdxWg0qv/04XV3PPxa8kMixQPoCljAAPkPmwxQSAad4iDIccqN18ye390aaZDqzvbcQOnaQllq00AgylaElCojmXTzYX1tv4xAbYtp6qzTyWRJQpR0uhYlUeKkYGw4HK7v68i2n8v/nu9uE8IUl3hHFiOUrtWClkK10WytwAOPfT4fqeD8dsIR0u+x1WOf/82K3LdFjgUwvaCpFeApDVqbgoPXHd9+vBCAsp4uB+v1fLBY1zsfeKb4401JM4aRBAJFEQ08yQ8A2KSAskwwaRlmtvhGP3PVgsM5TVMDAUnP5QJ+AKnK8zyvaRpvMAxHvP5fWrXqtq6OzodiweByYIx6fBeR+qkNk5ffePezv7OAA87SoG7xwMOeTzTEAqEjCq49ff6PrjptdiMXI5lroVBw6rpujmdLl0xmS8ceceiCb2ClVNN1vdrS0mImAGhUrTqa3W6SAbmRt+EXD77167+9PvEhhnyDiPJUcIGqKiBwFOhqDUyWg4DDCZecIH6yMxZ7TRBF09WMBo2iO/DbVckH1g5kFmu0h2JpUjFGBhqZsGxm6MELFwY/Wq/XlZ0u1UR6I3g0ciyGQtJUE8FMcRu857vZhDDFJcZvYQ5mb4Rk0s+43W6XjBAFJuMKe/jxd/vOP7+lduWPlifvoSkWOFwETLEAlgEe1pKuOtT9gYBbSLl4sezxBIuqKrO3/O715VtzuEtWyo0MR0Bvz3jEAgckMpjiNJjbFRi56vSus7ta/P0kxDoajZK07Nvl/ZERruTzCaRK8ksvrfr2okWH/1gQrK3kQ73zRSHd/vba4HW33vfi7USmcCJLMWiHQKwIezo2kL8zFAVXn334zVecPKNxZCASEsBGRCow9785cOJgInHyIXOOu2EfUZPoZw+8/run+0uXkeoTqlIDzuUAkjCGtVyADRlMjgWfwGpf//iiOT0R78BoPj9bq1YFoyp7ftcv3zFQQjNowdOwuBiqBCIDcP4hwdvOO6Lts7suYSaTiZmmaTIMQ/Ja4h2JWKl9WXumuA3e891sQpjCEpOIRtXn0/VKhW/xJGoIzdHI30jogd/vHyUVlXb1CHx5UDr/rhdGHtIVmfgaA+ZdYGIT4n6++PkzYr078xGQr221Cv6v3/XSms3peisplQ4GBZihAFsKUDoFmGVB1yowp801/In3LzmjI+4e2vVZb+G3uDlojkZcirly2LH8mWduXnr00V/vicUasRG7ti1bkouf6U9daWKEkSphTAmggL7dMwkTO+R2CcDCFmEkCpsWoymy65TFvfcsXdDxlx2/v/1yDQ1Ntr+6dvVHLzv/fTfs6UtMrAEbAain7l31u8dW5S9yCl6gsAYK1oCjDVA0Dlw8Awbo4KTM+jc/u2xO1y5+CJkMdt3+2vDqbWlpBhCvSssEi3UAcZ+4aFHkp+cvCjXMoTvbjlqbDZ0Jy7IM0SOMl8sBxeOpe7NZdn9T0E9he7ynutiEsI/lnJwstq8tS58Bk2UQY012OKk/zm6NkHTqHoxxsyAIhYpstAi0lJUkyzJNlluXlD/0hzXFG1iSIJl2gMWJoJsGNPm4/JePbe+IRFCjLgI5XlQq4Ht29ehXX35z04Ven3cYGwxdlWtet4MtgoYdqukIMTSoApUvtnrx2iVLZvxCody0pkgiQ9F1AB0YQCqFECVrlmtd/4aL5y9Y8AcPSzeKn/L+pjSwIHQ4obCvRCv72tlbJ3OzagbjRErNoE3VVCgQ+jdse98RC+f8nsOUYjA6Y5qcSdMUjWhGo5CC6gYX3rru9TNGctZhEtvkMWQ9yGJsAsvpplRHlNctg6S6CvW8u7uldetFZ3Zdtesxh2D01UdGtw2mpS5kakAhBBbrhHq9DucdEnpyWav1eUGgSzRNq6IompW81EMLuMpxXEXX9YKGUOytPPUJIjRgy6r1xehfzohGh/Y11+n6u00I+1j5NRP6SX9YtemvpZLm5Jyssazd89OFvHFrgbUOZwzc6/f7J3mnOMyZ6npSTYjc7tktlat/+Wr6LkvTwEQKGCYAMg3ojoey3zu/q+XdL+ZYKjW3VJEC82d0vTg5iR2msyIImqarKs+xrMzoomgwkkRPpIqLn3pl9cffmuSWGqzHYakI0SJW5brEOEVeIhmdqzVFdDgcspOnZTA0oBmlZCKKPe6Qlvs/cs4Rnz/Qjf7SqolL73ti7c15meqkQavRSJM1hKlCBQUDXlcdm6pO0RQwrECTClQ0gEXTYLY5qxtOW9p5W3DpkscdAJRVLPKWP68wpZAoqj49FkMkTyQQslFMOjK/1b981zESieXGvw1t2pyq95KK0ZapA4NIslkLLjg0/v1zDos3XKpTKey0rFKoXM4u1XXTgykssxw/mVSFBU8OSd+ryRJQNAunzQx+7n3zorceKA7v9etsQtjLChMz45qRyin3rJ14oqowAAILJ7UL9xwVUD6GRDHupN1qKOQg0Xokmo/UAmic6V/elLjy2SH9my7KGjAMlw8wFkxN4kWRq1x5ZPNxfj+Qr3ejLBs5bmweGDs1EnAtJ0E9RFeB5iBS6fht0ZwUKYnH3VkiPr82sP4jP/rDylslhmGQgYBjeFClOgg8CxZxRaZ5UngWeBYB1jUwKTcYGODsJW0PfPmKIy450A39/Lrhi2+6+/E7yjrv5YhijwYgLsg84wZsqoAtnZwywKJowBgBSbhI0ju+f+lht5991JzPE7fmHcVqSXUlMm+CGcm98LZn1OaB0aP6urU3SKDUDrdnlANwPvJK6q9bxrOLBHegyCBLogzJpClK6IvQz563uOtTu1ptyuVyQNd1sa7rPtAAD9XMY/+4Uf55WVbBonk4d77/R5fMC+13sZoDxe3/b9fZhLCPFduUSMy4Z01heVnlYgpFw9kz3DefPy/2VYwxn0wm6V2VdsT8mBnbFuE84ULN51NbUeMlaFggxrLZpkRBOmlpX3sj5+DOwiVbRtOX0Dw/2Bv3v7C3oZB4CpqOUv2ZsVO/d/eK+0uaSbPAgoJ04BhqR9QiBUYjrwkAi/B2CwWigAROnzrPf+8NHzrp8gPdoE++kbjyu7958k6dD3KmqkFD7CHHIVQHbGnAcwwoqg4G0MDzJD27Bdgy4Lxjoz/73PtP/sSO+RICeNuV+92FYNNppVuqDLd29s56Bxbjqdq8UjHd3hLretnvR2/XbiQEMzAwuigY9GzcWYOBKBWxA2MHdljVarU+ni+d+qdt8FDdopFGC3Ben+t/3zc7SGpC2G03CNiEsI9tkahUgrmC0oYoRke6hurlQjTscY+Ewx5yJkfEzr/DJOkZH08fK4qOLeGwZ8vubptIZGfIcq2pp6fjRSJV5HLl+YVqdWHE3/KnXTf67q7d8UKh5W9uPeum32z4M4l7MBHAdplkz43QA0mEct6RHXd87gNHX3egb8Fjq8auuu3+F+9Q1IY0BBaigehIrB0EtKf7XrSs5/ufunBJQ6yfSts8PHaOU+RSLdEoqXhtVasQGE5sPXP+rBn3704HQuJHhseTi1wCk4xEIgPZejbuAAfU64Yrn8/MVDBr0S5HVcEUy2JTDjPilpaWfSeZncpY34t9bELYj1UlYm6pVHKNj48f6faHJYbnxJZw4DmSJHV4ePRcvz/0hs/nXL8nExchjsHB0VNDodhWnueN0fHhi4Kx0CNhz+4JZNehNQhhAJgXqlvO+uZv1v+JEIJFIVJYba8zoBFqEMd5Szt+ev3FS9+hkd+PqcOjK0euvu2Bl36hasRDAgBTTIMQTHI82Eu7eFnvrf914WLiuDSlRqJGN27cdlVzc9tjXi+f2DI09rGgx/tiKORduycnI2IKTSRSC3mPo8iYpmCaZlsmVTiKE9i1Lpf4QiwWI1IFoU7ivrwPCp3SMN+znWxC2I+lJS90LpdzklimRCb/P6zoiXTFQj+bzGaXeUTxtXDYT3Ij7LF+AnlUulCYXy7UT6VZSgTE5LpaI79HCDUsAntrOyQE5vn1m99386/7HzSs7WXZLSK6761ZVoMQLji662efveSoT+zrOXv6nUgIt/5h+R2qhhoSwlQJ4ZLjZ3zvk+cfPmVlJtEd5HLlhel88eJYtGllLp88oq+7/RaEEAke22OrVquRQqF8GkZ0e71WO5JmIBXwBe9mGNjg9ydlYio+0LlPp+tsQpjiapPzKsn0Q9M0JViCUwKtb3gy+R2sm9aMGd3f9bnFlwCgvLMQ67vPx42XqOHUA871/dvurUr1lkWLF5wjABB/gYaT0d6+XjsLy27OVN5346/WPaCbWoMQ9iUhEMciQgjnHtnxk+svPvJTU5zuP3X7+4qha7//x1d+qukUQxyWpn5kmPH9T114+JSPDIQQZBmaEqnUpyczuZMPW9D7WSfPk+jHnVWriIRC9BCNJLC75KOgq1X5iNVr1v7K7fZQzW2x3zs47skygOU02GQgIGZ3zc94oDi816+zCWE/VpgoEsmmIi+7LMvxyUz+i9WKtMQwtFJvb8ctpqYRV1niY1CxLMtJqgpRFFU3TdNgWVZWFLNVM8354+MTN9SlemDWrDk/FlmThO+WMMaFQEAdRmjv5cxXbB09+Wt3rnlK0eQpSQiIRBdiC84+vPVXX/7Q8Vfvx3Tf0fWh5zd/+sd/XXGbabENreVOQtjXkeGasxZ98cpTZn5nT88lRFsoFEj8Q4xETlssa6oGdI4n0l8anUguWLJo5vdFQVgFpllhGCavaVoTRVEqTdOGZTGqgSRGoAXJMCCcyeaudDhF4n/g9Hq9Lwf9nkd3VMtW9hV1eqC4vNeuswnhAFYUZ7PusWr1VHcolMImzMgVCidVy0Wmu7PjZxjjnGEYSjgcTqZSpTBN6wpxmJFlRFOU4ksk0p/gHY4gTTOeXKEwc2Zv552A8ISpaZMURQ0Eg0HiCr3HtnLT2KlfufP1J2RVmpKEwNJ0gxDOOqz5zi98cNlHD2C6DQeqB1/Y/D+3/3Xl90yLbewZE6gpKRWvOmPhDVedPnuP5d1IBSZyBEMIeRs17gCcNUlfmExlLnJ5vDlFqVDtbS03MwBljLFpGAaRskAQBMk0TZ5hGMOyrNax8YmrRYcz19PVfouqApdMjp3kcAj90Wj0lQOZ83S9xiaEKa48yVtAPmA5AK4yNLY4Hg9vFUUxm8lkljkcHjWXyyzL5Yuxttb4z0mmJEmSEIk7Iv705BEkzqBWU3qr1fKSaDS2heH54NDw8Cc9HrcS8Hifpyh6OcuiomSxcAAAIABJREFUEa/Xu9fQXyIh3PCLNxoSAmJJktS96xCIhECsDOcsbr3ri1ccd+0Up/tP3f743KbP/PThlbdamEONFO4YNQgBb9cx7rFd/b5FX/3QqTNv3lMH4jdA0zQn6XoMGYbfArppcHDo0tbmlicFgRsZHk9c4PV4n/N7fK9yHDYx3p4mmtR1JMcGXQff+Pj4dU63oxoKBB8PBLwrCdzELySRSBzj57hNzkiEKBWJO/PbBXIPFIf3+nU2IexjhUdUPGt0pHBRRVLaOQalvDzaNrcp9pjT2Tj7c8Vipo+ieFbD2JTKtbgsa7Qr7F3LW1a5Hq4bTIL41QE4HA52YGDo0nh76ysOxmlSlB7CmIptHRj8WGtr+7Net/svimKUwmHn5N6GtGLLyBlf+fmqR1VdaRACNveeRp1YGbYTQtsdn7/8mAMyOxIJ4Y/PbvrsTx9Z+R0Lc43hEQmBQ+Y+rQzXnnXY1644pe/GPc1pR9JWD8dxTpMW+dGRoU/xLF2NR0IPMwyTq8oQGBnaen53Z89POc4qMAzD1mo1CWMc5DjOGB3PfcAf8I743PwEcFwl4HJt3uH4RJgKrxooXlezzO6cJHc6GHpwVix411RTtL3XX/7dzc8mhH2s+kBBnXvbs/1vlKGVp6kaXLskdtExLY4/kcuII5KWTndIPE82X0llGLmaSoUnytKyYS10SYC11hsGDmq6jEFXsWqh+JkLYpdhzLl4HjDSNDop6cuSmfzpc/vavwSaViX5APd6ZNhaPvNrd/zlNwWJCoosqbyEG668hq4CJmK86IC6LDX+5hQ50FQMJo3gvCNaf/bZS5YdsJXhgSc3fOkXj6/6et0SOQ5bQJO4AkYADZOAIw04hgEiC5FMSIAZoHc4Rl15wawbPnT84j0eGQghCILAmmbFIWliVzYxcVZry4xnKLc85jJohRz+H12duB9TnASCuywybIqxFF0yqQ4vpw/0+Y2HnE7nJCEHEmwWCARI6vm300ANFWrzf7x860sZPe6xjBJ88tj2i49ucfxxOr7sU5mzTQj7QGljXjvizhc3P5NTPE5s1eCC2YEfHeWlv/3/sfcdUHIUV9evc/fkPBtmo3aVhSIKICQkgRBJBJlgk2yiEWCDE7bxbxtsg7EBG4tskk3OwWABEgIkJATKeRU37+zs5NAzHav+U6NdvMiKCPyBmD6Hw8J0V1e/V3276tV79yIn60W0fQKlhh20xdHCqPIWXac7ysvL1XfWhH/x9Kr079SCBqbDBUgrAIdV8FgZuHZa3VinSEVFIEmMqg00oNri+VMkgdta5nd86Ha7P83E21vXXn5v00/ueXnpzRrjsrAUDYpOchMx0AzJUiKZisSlNCBTBVLLQDM8IAbg7Mk1f//5Ocd+7iXDPxesuemxN9b8Kkc5REJrTshZNdMERrAAmYOQug1SgohpGgwTA0cyJMGEa0+e+IfvnFJfLJ3e21FUcc7l9ITDwe/s7J7js7E7LBZ/knWgpJGh3QWaZ59Z3vnW1kg+mNJoEFkWGFMGAsHHDwm+dvFx1edms1l7oYCcokgxDoejtVAo+BOJnB+Aym/LUnOe3dB5aw57QWRUuGRcxQVTa6WnD+bl+CaeUwKEA84Q8PB/r9o0ryuFBtqsXOyE4aHbJlTZXk0pSlkmq54fi2Ynmwgjkc4/x9F4vQiQXZfmr3quSf+5qpnAG6TAibACmQQQ5OuOD472cKiLbF8KgsDb7en8qqbMWeF4umZwVd3rVre1qGQk2+1ZcffWGoQAUCoF0qam1Sdtb4tNbIqh4Sbt4AxTZQTg9OIEnqJNXTelzkh0YHl5+VaGxgZS8gKiGKFgapZjBnufv+j0CTcTmbhDjbiTHIgPPtoy+/01XVcotMWCdJWnGcMgmRCdHZnBleX+rRhpFAYKUyyLDcOQGKAxNnWmxq1sPu/4o39RUV/R2pXBPhNnUMjhyIXDRbJlnGNTQd6QuJScGRCJp48bM8B+N8/zqgKK087ZCWriu95p/WhHAhpMRgDDMIDGRjF+ceIA/uUT6z03FMAIyrLciAxzsMft3kyLfIRn+Ha/39HVFIPxb2/a9YeuqFIrCGbqtDE1P5sQcpLdh9KxFwuUAOEghkU4i/1gA5AADCcA2VosqhSRzEVZTg5NF6CGYpX1UAA5n89Lm8Jw7Uub1Z9RyAQVYzA5EUiCXMBG538y0d1QW+sPky+jRmsuvRAIvfzelofXbe8cLElSnMYCwgw2TVRQJCxig+UkmtYLLiHfdcww37Ozpo16mKTw9tcu7CsEikajlmVr1l86esK4J2p69Riam5OuAmVIEs4la2trtQ/X75xJS5Y8Z2qGhjFyUGyx2pC8eCyHEcLcp5l8pLoKRENzACRCoVAqEon4yvrxLISzYf+Kj3ecc/qMyX/vL1ZD2iM5FWRLsTsHzgVvvnFjLO9o2JUWxyjZAmcVuKxm6rxFgJRsKhZG5+m8rrq9Vsm49MyGM4awlWtjtla3z1eTSKVS0h8XdG9uSejlLGBQlDwwFkJFAXB8Nf3xtErmRxaHNcXzYl6SKIowWO3p0p7dFHegApikvuQgXP6NPaUECIfp+mw27Nd1QWIVJa+wrEIION7dEP3+wx+G7ydTekwhMHq/bA5ex1eOEWYFneJ6N02r4HRCvGBpePjlVS+vaUmGyNdP5GxAsxyoWgZ4YMEQNdC1nDm2MfD+Hy+fftKBKMFenv/uz0fPmv7XOooiyU6fHiQw+PayHRc88taGeSrinaApMuYkC4ULJJmKvPskMapPj5L8TWNSKqFozBmTBs777lkjf00i9f2Tpwhd2YfLN31/9inH7TPPoBdsmDueWPzcO+tSc6ySB/JyBiSHDfRCBhAtAI9YYDgBRKzA9Rc1zqqocK6wkw7naaa9kBv85HrlzR3RgoM19aLSlMFKoOk6nDXCO//CSf7ZRBWa7OJYLBazP4fkYbr2G3l5CRAO0+3xeD6EMWCvVyJ04LilpYVZH8U/fWpD4RayASAqaaA4sTiQHRZGOWcI/T0rR+U0pFEGYkWHyCtPvt1xX1NEDxlEQIWWgCw1KA4B6KSi0AGGmYeRA+zLb5977KQDdffVdxb+ctzE8Q/2sTL1P/+Vj7Z89y/Pf/yoqlIUpytAWwgl2f63LVUWwTmT6h67ZNqgH/j9fjI7+nRbY1tz94TW9vZJJ045+q8H6tezC3b8/p8LN9/E0Hwx4KkgsmVqgMgiMFQVDIYHn90Kc8+pOq3c6diRLMhD86lYOc9Iqec3Kfe1psFJ81LxWl3TCFTC9Ebrwjljg98ipeCOXsJgh8MRO1BfSr/v2wIlQDiM0UE+YtFoNAAC2LGCM6T6MRaO+XZmqdOXRcQb1WzW5NxuRlcVmsV61uuyJeaMtH3bbuOjOIexpiXtndHEyOfejd25PYZqCckqjzlQFQy8pUhJDFhlgBUYOKrB+cFvrxh//IG6u+C9lT8f3FD/ZlWVZ0Pv15l0q7gMeHPJ9ovufOnjxwHzNKPnitRuCvrPtuWe3IrkvxkO4Ozx1Y9/69iauVVVVZ+Zbu/a1XNcezgyfuqxI+48UL+efqf51icXbvwF4YxkwATVZEEQOcC6CQxHKNUocPESzJki3hRyubfzNgkqyqyrNIWzvr459c9wUqnVKMFiqqpuqhndYXfB0AD71kgfflCSuAxRb+J5XinNEA7kif3/XgKEw7AfAYRUqrtao+wDw+H4IN1UuwZIzEJ3fX12VWtsKiv36D5n1RaLxTDIgjqmchWDKhxNePt2ARoaSPIM3hVOVj3w4o5F6zvlAdhMA6EppxkLEMl2ChDwmAWT0mFQtW3d1WeOP3dASNzWP36wZ/cXr1hzvd3p3j56YG0xcEZqIPrW968v33XRH55e9k+aEYHSs6AwEljItuF+DtPU4YIpgx6+5txjSA4DCUh+WiS0qmn9BbJGB6YcNfwvBzLj3+fv+turSzquo1QEPKUXt0LJzAdwACg6CZhnQdRN+PUVoyaFPNxmwRQsWMqaVJ6mExQ3kEJIM01W5ykcTyYjA2Ta6qoMWFboWcUny/lGjmMZm9u2vdznI1WRB6j4OlBvv7m/lwDhEHy/RyCP7ACwLV3dF8RjifEel22RVRRXa5rWFQqFjHXrNk8oK/Nu6x+E67tVXzvkZW0ON1fc93znG5u7jOEUIwNtIMDAACMyoBRMIEWRhIEo6FAzk0cIz9glLauZUpXV4SiITCEusE7FbbVu5QU6zot8eldr96kCI6SnjB/0N1J52as2RajdmFeXbr347pc2PqyhAvAGCXbu1o3c30HYkC6Y0XD/1Wcfd31LSwtdV1dXjE2QnYcV63ddSXOGXj9k4AuQBMizWZY2TVsulyvTVdOj65okK5JXURJ4aVPs/JWb9RmmbgBIJCYrAK8JoCMDOAIOjBUcLAXXXxA4cdyQxncjkeQwniecayhIYpRGkZJNTGhYQ1gDFI50jS2vr5kvGIaGEKqIxdLTcnm5sW5ww11uUewqqTQdwsDud2oJED6f3YpXdXVlJsfS4emCIMQ9dutHkiR1FQoFUvjkkWXV7nRa1/VnVNrzViSw35nNOu97dOuS1a3yEE4wgNJN0A0MnIVoOlCgm2ngWR4mDAksnHvmuHOdTshGM2qtVkA+Q+mxxLJ4OIUVNS/LLgMDtbOl45R0Ousd1FDzb13LcQixjEAZHXaLt31jT3b8k4sjP2RFCjgd7ZaDP8AIoICHE0Y43ps+svx+La95rVZbrqClXQgz1lXrd1xmE6V8bU31m6ahCwwGzHK0yfKCKfJ8lmbFgl2it9G0mX5rTc+Ni1cWZhNCFSwqoBgmWAwWkEUHpKmgUxJUOhxw9VnBmZUucSnDSI2iSEtIR+OBAjcC5GEY1m9g9A5CqDvekxglWq1NdhffZBZMnmEkTVbk4RSis7RIRSr9/o0RACEIkO+d2ewf+Q5jHBxJl5YA4SC9ubNLG/dua+pPSHJKNrm7fWSAv89rFZsZi8baebsiy7KV4ziTYZhsR0d4vNUqtphm1Y4D6RWQJcPfnvz43ztizDCK1oEhym0MW9xes/BCkaPQUAowcXBg6a+vPGbygbq7vT06tbW1c8bYYSPvYtkc19wdG4q1vIILLPdJW/dpjy3suJERoDhDUICUT++fL8QwWThhmG3JtBFlj3IMB16vpw14pFsFh/zJ+p3XD6yXXhk5cMh8ao9djT37+fjbG//yyoKu6xFmAUkqFDQF7BQHBUwXCWhJwNDDMfDTbzfMqgpYN3GczWYWUuOB5W7GFJSReqZimxSzGTC1JJPLOHPZPOuvKHtKYtQtCCFd1wW3z+ds6u7urmlJm1PWxqgrs6zdL1Dp5hMHha4f6qIOKCJ7IPse6b+XAOEgPbx4a/zyx9aEH8oyNqqBl3ddNaV+Rp1baslkMl5GVXmdQ5ai5nFxp6H91GDQ96+ysrLWA3AcUM0d8ogHX1v50uY2pcE0SYUACeTxoKoqWDkGDEoAZCpw9FDvqv/3vQnHHYiApTUcH7Zxy7a5p06fVExT7tOMILORV97fePndrzXdb4BanCHoDAfU7lqhfR6EEOk70+v/Nmdi3S+DwSDZZfgUQV5Z+MlfJ4yqf6DC52s6kBkfe7Pp4Vc/aL2MxDApHkFe08HLi1BQASSaAZXSwGcR4QfnDzyzxuPdjHnFiVT5eoq3XFC0C02TLVECCGCaZjvGOBruDnucgbKFbsZ41KRRWNdFdyDgLuo9ro3oJ93/fstbGgKQmEz6qglD54yskYpK3aVj3xYoAcJBjo5FW9NzH17dcW+atsBgrtB+3fQhU2tdVDNZo2OM7QzDcLquc4lEYjQAA46K4KL++gJ7uw1Zh3d3p6oWrN5585aW9BSPw9Nls4qRrKp5DMO0WxgqXTAYG8cjubHS/sHsyfV/OFCWIdkGXbLik1vPOGnqZeTclmi0vMbnI1tx5qsfbrr8Ly9uelBDCggmgMHyBwQEUqdw8cyBf7pi9jEk/ZjsWHwaVPzXO0vvPHbcmLs9HqntQGZcvKHr++t3ps+gNFU3KQrHE/l6Ny/1qNhwC8BQ4WQ4UBEMZk+fUnWF1+kI59T4WLfFUqbqcIthGFaGYSgCCqTaUdNNU5IszT09PT4V07mglf6NwEsrC7TAB9y2taQvy5uz5z++IvKMYiACCJmrJg0/d1S1+PaB+vlN/70ECAc5Aj7elT9n/pbIbYZodbi0ZMdxNda/lrmllSJtKBzHGTRNs4QUpaWl7cxQqO4ZUaSSdrs9uT8Jsfb2dikUCmkrN6w8jZVc6WAwuLGidx99447OY4cNqFhxqOIqCYydSxcuufeYE46b66WoTH/dyZfeXzf3Ly9tvtcADUREAnkHloMHE+A70+rnXf2tiTf0j96TwOjzr334+MnTR/74YPf++wdld3ZkBtZX2lvDAIwtm5Wae3pGZrMwZlDI+RTLSoGckRxuZaRKAHoMxngQ4Ukg6s6macq6roPVak3Lhby3I5qorfa7bxdFywfJvOqtDvoWd3d3u7dFCnM2Z7lzk5QlKDByeNag8p8O83AfHqS7v7GnlQDhEFzfmyJMKhuLZJ3huDo00r5tos1mS0h2R49m6P68nKsu93leM01T9/l88X290IRW3WKxiLFwbmha7fRUBKuX0zSd7xN7Wbdp54yRwwYc8hSX8Da8/vbiZyYfPeYmr9e+qRd09JYWYNe0rr/y7le33k22McmSgRAo0//JM9qrJWiag/OOq3lg9oSKH4VCIbUP4OJx7Hh/+Sf3nH3K+KsOtIzZW8Obt7WcOnRg7ZvRaJNd1x2mJKn8ttbc+X4Hs9NmKysINkbDBaMaUVQdUcgilYxFKkeaTiOEJIZhGISQJRxPT+QAdnq8ntdjiUQVUNRWvyvwjtdr6ejG2FpGUfLe6OwOwe3fqFNLgHAY7iYAEUkmhyV64hMMEyoTicSw2gG1z1s5aQOZIciynA8Gg+Ql+kyEm3y10+k0kYJzrNsWnVs1QHzRIUkdPouPULsX6yS2t4enSk7rxr1lHO53zU9SlN9d9vyYsSN/T6bPzbhZrIVaA1qAfaV53dy7XtlyJwEEsmQgEuykInF/B9kEvfCEuvuvnn3Mdf0JRnpyPWUffLD9rm+dcszlFEWRSP5+j16qeqKBSURYLat3Nt8wZkDdnalUKsgUGNmUTCOr0I1dzVun1tYPWY2FHBJ1ERkstgssS5mm6esVcY1QFMUahlFBQEI1oHFzU9OZdruzze9xPVdXU/kA4ags5SIcyCN7/70ECIdotyIIRMBCiekgrXMFv98aJoG7VEofumr75l81Vjie83vKlkuSFNvfl5O0s2VX9ykeq9AWDLp39J0by+crqYLp6urpPoMWpO1D6ypfOhjl4qJwTDZsZzHr+nDp1r/X1Pmeqa0J/Ntr8Xb0PeLzH7f96N5nF99pmAwgTQBOUgCh4rp8n1YgSHbVWcfecem06iKVOuEvUMtVlN3FTl+zesNVs0+Y9gODRzqtKDThjSRxBkVRXJTVmrepNFuAAgE+QpHGmABumuZEQzWGtHW0ntZQX/8Hl8u+gABK33Ii250NdKcTJ4UGVi8WAUg6OJmREaZnugAgSgAkHkLnAVxKxhiZibVMimfRtNq6ur97HdyL2WynRdNEQsVuBIPBYuVo6Th4C5QA4eBt9ZkzyVScBLoI/wEZoK3dyZlWt3s7B2kz3qmMZwVbT03IVpzyE91Bkyt4GF5SGRqYbE72F5ScX8+p5SOHVhMBkk9nEPF4fBhZM0diybNMDJtGDG6440BJNkVZtDDwEZp8PG22Dau33+7xCUsGVle/YQvaPn0pFq1uvfj5Nxb/pKaqZj2D7WZOi0s6xRKOwj7lZxoRCTlCbEBhhsxkUolkxYlHD37xnJnDSXFT8cB4E796nXhaW1v7STOOH3gTQrqp6xbDNE0kiiKfN/JlNNDlkklxWLA4MTbKAJBb100/RXOOQkE9KhLpHlxfV/Ogx+O6C4CkNYHc91XftCt2XZqyj3XbqI9cItdkGKZXRyYt2PmdFRysh0TC2lMw6hQ1V1VdX78kmjVGpNLJ0Y0h/0OxWMyDJQmrVmu6VNl46IO7BAiHbrNPr8C4XaKo3fn9O1paprtralb2BvLoRAEqUi27JOQvsy9pyv1iXWv8WJbGKsKYUSnWQxsqHlLu3HjNibWfKVjKEkCg6YZYOjtFVpTu4YMa7zrQ9Lc3tsFHIcpRMcqxYUvbhSKLYsNrB73uqNhd7NMei1Uu/2TlhZOPO/bRA+1+9DcJkb1/e+lHN4wcMfD1ITUNq0jsg+d5dnNz56yeZGb05KMaf48kyULl8xThMSAp2jRNezRTG2TlRFbRzXE0bdjJzAAhbKEoTsxkc8MTiXhdVVX50x63+1HSPQAgM6ricumN1V3Pv7U2co5VklDOMGgKmyAyWC8L+uSTB7Df5Tmux2uxdLrdInk2kjlJdXb2jA+Fgh+RXR/Cx4CQP9snJHsYLv7GXVoChMNweXMsM7jO52jq6kpUMwyvBnu/xr3rZVJSbHQlCzX/XN7z8sfN+TFc745dgbODaCowtdG7+Nrpwal9QS/y70QiMQFjujGTL4xMxJNo7KihvzzQVuPaXeHxq9b3/FTBeRfNClyiW2vAkE0GAuXtDklsY3iHurlpy/gxo6ueOn1C/T2H+sgbdySnvbhw+R8ClQMjFpaRdS1l6exODzEZyT/Az71rAmcXWZwfUet9OVQufkhIU3Ud13I0W2aCPh7AcBG6OYQomgKWSaTSwwxDF8orfK+4rK75OtI7OY5roajduo0vrUm89uyyjtks4ZGgcbEikzVlqPTbC1dPrhxXXbabN7H/c+BmLLZKreU1wZquZDIpxt1upbEXYA71eb/J55cA4XN6vz2d9qxsk3/tYm3tsVy2ZvQA30MNHmHj3pp74L22lz9qM84y5BRgUwOZdwHhTjummnvrmpOHnEzW/72swEw8lToZMDOooBveru6e0ODa8uucTuc+VYsI0crGdnzuY8+t/Xtc1ShRsoGmMoCZDNAcC5whQ8GQgGUouOL8cdeePtZ376E+8kdbsmff/cSHz2YNhtPyWQh6XJCWZUCMBIKRA8xaQWIUOOeEwY8fM7z6dzStsRTPOFlDrkMUfwLDUEEAzCFSdIRp1NXZPY5lmazL6VztDXgWMqBvAuB2kmJRskx5fmVq/itrwieqBAgwAwxLAY81qA7YEz+aWlfv8VCEw+EzR2c8X7Vg4857XVZ3OyVBx3C35akBFZ4D5kccqi2O9PNLgPA5Pby1OTP42S0dL7bF9YEqIOqE4eWPnl4d/ClAAvKmGQz5/c07duxgHAzjemhN4fW1cWE8h1RgaQQyZwPOKMBRHthx1nDr9xgGc6IogMAwYkrOnstykhsDo3d395QNa6j4DkIo5fP5ilNjUmBElOBDoRDZHkAAq6iPN/qPv++Zba+lDJBIBMDQGWCEPBgYAW8CKJgHESi45PTaG+dMGfinQ33kFVsTJ//p78teUlhRIpVFoFPA8Qg0RHgTGUCMFXA+CpedOfTBE0cHfmGappXnwWEYuXEGcpxLAQQAEE0EoU1E6buaW8c6HLZui1VqFyS+C6lKj2rgHhoZqwAEZcHW3J+WdChjiHYlMgQguvIM6FDpFPJXjndMNhVqR3iQrzCNzMC6uizIVi7t6Mx95+H1bX9jVQEc9mzy4qGVs8cNCpTyDg7R2SVAOESD9Z2+q6tQc/+Kne/FFalOYSiYWi0+fVYte5Us+w2HI8F7vd5P9RofXhx+ZmFT6nzaVIHBOuisBJShwqhq97qfnVo3gfAlcpwsyLJcFk9kLlE0/ShNN72t7R3BYMD9IcswnbzAt5AEKI7jgBO4Lh7zWwQBYuXl5cmFK9rmPPJC0zNpMGmaJozIAlCMBqpBA0ezoGMWXCwP3z2t4upZk+vIttwhHcs2JM969Lktz0bVPK+TkmzKDpqeBFGQQDWyAIIXKDUOF53SOO+Yo2y34zwu1zA1BpnyTKVAn4iwLmmaxhgGQhgxRmtbu1hTW6XabJY2t9v1ocjDEoaXPvHYbLuInsILn0Rf+de68OkaMkHCGFSEgMEaHl5XvvLGU+qO3XMJlUph97Id0Rsf3ZW+UTQsYLelMlcdVXH8qNrdacyl4+AtUAKEg7fVZ84kwat5q1PvqRlwZihkP22E/5ZZDc69rs+f/iT5+CurOi4RWQZ4WjURIzBKPg8ThtV/fP1Uz8T+Dedj+co8p4eQTg3Z1dZ2eUXA/yRFQw9CFGMaeo1maCFN1QqmiTeCCS1ke2Jzl3nOa4u7fqhwBiCUB/KVxGACy7gAOLXIgszmFfW67wy9/ISJjU8e6iOv3pWccttf33tNk1hXHiPgaC9QkAAKYWCxAZgNgqkm4MxjA8+OqXM8Q9NcuYLYaYIIoyw842Y4xmBYKsOyYpRluOSunS2zamqr3+UFdq3faX0QADr776S8sjrx7AufdJ7HCRYgMjOaCUAhFYbUBJr+38zg2L3lPWxpzh7/2PbI04zMMYiNpS8dXjN7UN2BaywO1RZH+vklQDgMDzc3N4sORy1vmlFEuBT31VRrHA/duHPX7Eqfc5GakQOmKEkOydYVtODmPYVZIpFUPWNhiOTT4G2trb8JulzzPTb+WRYZCYZhOZMSAyZiVZEx2+x2e5ZkQi5a03bGvOfWPV/AIs9hE1gEYJCdetYFhq4AYm3AagW46qz6G2ZPbjwg3dmez7F0U/KMv/5zzasFGgNSs2Bh7aDiPJiUBShUAMw7AGsF+P7pNf9vdrVwR07yORCNnJihR6pImcExNMUzIBPKNFXT/J3dPceWV9Yspnlpmc9peXTPXRQSF5F1KpQuyBXtBceISrfwSWf7zkkD6gYsGxyQlu9PFr61NeazWHB2f/44DJcf8ZeWAOF/4GKydRfXaV9DwLmDbNtha9BSZoP0vtKacXu7lBKEwR2RyE1WKRiE3o8rAAAgAElEQVT2OR3zEKdETdm0IX43C7Ou64m+6sNFq9vnPPjCpmdyJsORDB4WU6DjPOimABKnQlZH4LPa1MvPbrxixpiaJw71kT/cEDv7r4+tfiEHQOoSwcJYQUcFMGkRWJwGkBygyzm46JTQbeedMO6XZPZkmmZQZ5iAhePKNNMcgwxcBSzLqAVtQKS7q64iVPk2zwvPBJzWf++rP8X8DTPhqaz0thOWqZjL5SGamYfa/9L5B2+BEiAcvK0+95nNzc2u2traHJkWE0AQBIHbnyBLUd4MoYGZrHZ1HitCwGO/3wpcs8ZxisfjyYXDYZFlWZp8BclW5Turtl30yCtbH0wbjEDEXVmTBqBl0EwRRIoFnaKA1hS46ryh153yObYdl27smnPvs5uezAEWEdKB1jlAWAZgRRAQBWQZIdIA3z2j8bZjGl23Eb0Jko+QR3mHgGkHRfENBtBHAc0HMrns0elE1FlfVX4XrZuLHH7/tn0ZNhLJBU0uI1R4Koq7BTt3dgx0uSq7vV7q0/jM53ZK6cK9WqAECF/ywCgOajMjlJeXk+QbKpvNelKpgrO6Orhzb7cmWYfRaFSkREdFKpWfkcx3DAxVVjxkw3w0Z+QsNhbyhQJDZObzPp+vsKM9XbN6R9s1zy1ouSGLWCBxfyJ1yosGEH1aXWWJshrYaQxnTS2/78KTBx+SnBtJenp7ddfce59eeU8WG0R1GVhDAkzLQKgUkCoBbeWB1gpw2njP0lnja66z2Ww9GMewaPIGonUHzVh4BaEGmmZ98URihqrkherqijt0Pd/u81XtU7quqys2mLVyZsDp3E6AryOaGWACstX2ch58ya77RjZfAoQvye194inN4dzkoJPeYbFYSF4+SRG27mztGtxQW7lsb7cmcQny/wWv1yZnMo3ZnvzI2tqqf5smIirzLpYVkxynK7KsBzL5XG06yVfsiqRmLFuXPFM2MEvUmLGGGZbXcrKMXaIdpzSsmpxu4tlTGx8dUe14s6KifJvNRnUf6NHJlD2ejk/c1i7PeGtJ29Uai0kcUdBlRhQEnZClAMMTDuSc6BJENGN08I2GgPCOxEumx8+stVicROKe1TRNMAzDQ4KB6XT6JFU3BX9F2WuUxuZ8Pss+AaG9PTzebpe2u3pFZ0h/27u7R9iEYLvbvTuJqXR8sRYoAcIXa89ia02JzLGywVZSikkj2hDGVrqIOKwCkPUA2NG2bZtHDxo0bL+lzSRBp6Ojw5mKhQfbXP7VtbW1ZEOBFPpQXV1dQ3uSuYmagVFdhedJhknT3QnLgDxCnMBCwTQFBrEq6myNT6oO1XzCO6UcZ1K8X+K7NFYWursSs9w+26oqz26q9r0dsVisMhpNNvp85iqfb1C+OayEeJue64jEG6Od8gifT9wsWMQcKvB2jVasGARbjY/eINF0vrk7daFmZLxBd/VmC5ffxHFSpyiKhqqqXLQ7erxgEdptNtt2JElm0PafWos9+9Ha2jHDVW1f4wAH4ZUoVmCta41/qyWlTff7yla6QG0bWiku/BJc+I1tsgQIX7Dru7PZwLOrWp/ZlTDHIA3BrMG+B08dGfptb9mvnXADtra2jqitrV20r1u3RaMV4YQ+QQELH483V/uD5VtoitIkCqm8qRlqOjmQ4Tjwl1ctsynpqCMUSsEO4KABtF4JtaIWw5o1TceOHj14KblPf6KUWB5X9sRaJnOGwDfUlb/Qnw+RnBcOR4+RlUKZw+NcHXS5PrO0ITsA4fbU8BGjGz4T7e+bEbW0tPC8I+iX1Z6je1qzp1QEHW8VTJ5WGVFUDCYYi8fHOuzCx1Ye2lwu567GgHWvuQJk6dTeFTnV53aslCQp2heAfXVzz73/2tIzFzMWcNKo+8bTBzQQzoMv2I3f2OZKgPAFuz6Nseeuf29fuSVN1QmMBY735l6deVTNz0Qq2y04HJXY5F3JcPvQmvoqMmsggcbP1B5HZbl8+dbMLxes7bwogxxORSey7hzocgJCVq1z6rDAnQMrnfN9lB7XBUHTeV7kdV3N5VxqVdVu3UJC707+tXl7y1ifaIkF94hX9L68bLwjPiaaSwypqQktkCQpXCgUylu7uk8VOLEQ9JUvtFige8/+dXbuqIp0mgNHHz1w8b5qLEg5eCzW7gPNZV/Vk//JJ1taTt6VMCopRxnkCyrYWRPsVCY5vKFyyWVT6s7Y0wUklVtRlGBrOHqFN+R9lTXpGErkUQEj6d2W+J8XtuRn6yBCnccevmFcaGAgQO1zy/cLdu8R31wJEL5gF7dhXPHcW02vbUsbY/KMnZ4dEv4xvsb6R4egd8kqnq6AZWpXW0t1wGVdbHM41nBUJkbTosrzDsPlEiPptrT0Qcq8/aXVsStyqgkMQ4GJEWBDgSqvJX3Ncf6JA8u9OwF20OGwlbHb7VZd1zWPx5PuLaoigUsX0WbMZKIeU8GO6gEDVuzlpRPJzKArJY+NhLtPt1qlbqQjyiJxO6vKA+Rl/4w2ZN/1GzZsOFFk7bkGsWYN1AIhf9krmUIxCNjRIUiS1/O393Z9vCtJVeqYKkqwAUnhBg6mDgws+N708lkkthKJRASKEoOapvgpCmyZPJrWk8geV1duf4kTLU2MADtpzpn/sCV+44JNPdeYnEQFbFTb706srf+CXfiNbq4ECF+C+9e3R6cqIHo1WnCX8bC2wc+v6v1y8wAghcPRowTBjHtYS3ecFoM6UuxyHlnttNaayWTE5c3qzQt2Kt9CjADIkIEuch+a4LeLyasmuSdZOdRms9mKFM+6rhs8zxOCV4NIzJO1Qi/dGFUoFMT2hH7G+GHV8/bFapTC2J0Jx6duamq6yut0bj16zPCbqP1MwdesX3Om2xFos1r57X10b/syIfnSd3TEfY+uSX+4I2rWEs1KMBXgRA6QjmBSJf/hySOd3xdpRmOsrCoSfW0ogNvN5nM5PZiRlfqKYAVZWn3KgESWNDui+lGY5hQe51O1fmspL+ELHMMlQPgCjbm3pvqv3QllGuFjTCaTXsMweL/fT7YiyYtNgoVFGrJEIiGs7IIfPbms5Td5gwWBNYEu1j4gcFrpwjXH+0Z5edzFcRyrqiwPIMsWiyEahoUQvdKEZgwhROTPsSAIemtP4rjhA2re3hMQiqQqAHRbV8/UfCFfUTWg9u1UJDIsl1e9g+qqSbIQ4Y38L+n0FStWn19ZWbaQpulCWVnZftfuZOmSSqWsf1wU37wtYpYzNADPAuQRAEdTcPJA2wuXTqk4txcsyQ4MGY9kuWNGM5laStMon89H5N3J/9f3R2n/JbvxG9N8CRD+B67uJ91GXkIcDocJCPjLy8s/k8NPukKyGt9YF/37/K3ytxDvgIKhAY0FYHQdPDaAG08uG2j1F7r0Dh1xHEcHg0GNKE6Ta8lWpQ0Aq0QngmE4AYuopycyYPDg2mV7rvdxGnvWd3Vd57FRHzud5SvtdiAl1lRHd2xyJh0PlQcCSzyez5YPky/+2rVbTq4cNWQhRKNwoPRgAgjRaIv3vo/Ut1p69JFmvgC8wEKGAAJDweSg8tLJI8su7N1BKRLX9sY3uHA4N0AQtM7+RWL/A1d9429RAoQvcAiQ2UDv16xvcBNx1P9iMe3o6PBms2qFz+doEchnXI9oqmo1slmlEVjMt2T4U99Y0/H9jEFbKaAYnhWAw1j3uqT43JkVE4M2G4m6/9fafY/ZCNuaB3+ks3OMqeYpp9vVAYyNFygzj7Md9p6exNG+qkYz6ODnk9kK0TsgcQeGsRbS6fiAnlhsvNVlW+sUA7vShmLlJD5tFHRXJq3UBap9Ky0uMXYw0X1CC3/P2x3LdrYlh4osC7qpQR5okCQJZjZK9w/yFJ5gWBHxNDLcgtAukEAp7fLFYj21dl7bUlW178SlPtf1BlHJWCbPUJJsO4wxXQKEwzDewV7an769PRYrb+lRZ2Z1CHkctm02iekRc92ZQqFgE+1udWBd1ceESn1bHIarFLDZSKzGbreFdSMvaSYXnNTg+MeB7kvut2jDrhs/WJO8NIaEeoHScwxLsgZZ0YMzkeMbbLcNrPB9oAqORhtX6DRNUxVFMUkSiGiaJlmQGVKK3R6JjV7cZvn5zni6nhFElagiIMxJkt0WHVFleeHEse7fHgwobOoozMjJssPudIR7oj2NlRWVq1QD3D4MawnNWUdHPFQoJPyGIct5bBu2KSdcFcurtXaqsHlGlfeG+vqK1v09czHVm2VpwzDQ/rQ0D2S30u+712al40u0QO+sgSwTRMput7Ym0ElvrAv/PpZHIZExY1OqpCeGB5mnvA7HLgVx5ZV+x9b+3WltjdTX1AQJTwDs7E6MqA+6CSsTiR3uV4Ptjaaev7z2QfT6OAUgIBUojoeCgWGQC7Vdfkz5jAFKuj1fUeHJ5/MVNE33AMmYQsgg//TGG8iWqP3plenn1rVlj1MQBg7lsYmJPCyvThnoevLKmQMuPxjTtff0NIb8/jbCmdja2uquqalJ9pep790dISnb/Ibu3Hdf3CzPi2EenCKCcwf5rhhi9z3Vt6W6t/uRYqq++ElpiXEwHtn3OSVAODz7HfLVS1tTVzyytP2hHGUFG2fC94ZI504eWvkieclj+XyZ32rt6t/otuaeUQPrAkV5sh3R1FgH1jr9fj9ZMuxTUIGA0EtNyfufX5S4gmE1YIw8aEQjUrRBvbXQMnd6zTEkOh+Px0MsyxZTpTHGJkmJNk1BL8qlaZqe8/n0J97cuWpTGIbmTaKRmAeKYQGbFpjaILx4zbTycw5kgM6MMiifyFoba/1FoVUSzOw/rSezmY4MuLlCRCVByo93xM58YnX8lRiygIhycNHR3nNnNAZIzsY+j3g87iCAgBBCJUA4kEf2/3sJEA7Pfod0dSKBnWsS8hWvrdxxk0zZXSbNwXVDtRl15Z5VsixroVCIbK8VYwPkpc7lwJPIJAdWV7hJHgGJwtOdnZ0jnU7nTrvdTr7q5Dyy1VicLZClRt/OwL9W98x7ZEX2WgvKAotVMBkraIwFasR8xw9n1U+s8lk6SXoyIT+1WCzZfD5vI+rVRBmJNGWQyglF0Z9el3t7dZs8WaNtwCANMKJJDTRMqeZfnTtrwFl9YrJ7MwT5rXVn67hARU2bJBVJUPYpAEGAoiMDjtZY/PgVLZEfdOWgHiSn8N06c9rQhuot+7u2r4KURCRJPsYhOaV08mcsUAKE//GA2JkoVO9si56CeY4Gk2KHubmXLRYqS75w/Yt4el9wMdrRURWoqipW+xFAyGTUukwmMSAUKifFUSRDz0o271OpVCUluZh4pK2Co6jUx+3mL1/Zon07TzPAaFnQEQWcKEKjQ++49LjA1IHB4C6ShixJklWW5aDNZovm83m7pmlQUVHR3tHRgUOhELpjfuvy1S3xUYQEhTbyRQVmRAFMqhXfP3WA9AOaZrM2G6vxvE9xOIAUPBFlpuIWYk9PYgItMJrkdHZYAeIEaJLJpLX/S9tf77HPFSQmYJpWERwAIYeD8EbsV16KLD8ikQjJ8YADbYX+j939tbtdCRD+j11WFENJpewulyuzZ1yATIVRoVDmD4WKnAG90XSuPRI7QaSZpN/vXteTlscbcsKr65TdYCU9UOl9w0FR8fc3h3/26KLttyusFzwSA5qqg45MGGBF0TPHBS4tc7Of0JLLweM01jSKKCuzPM9HTdO0y7Lm5HlrRNNSjkc/KXy0vUf2EECRWIQ106AIkevUoyrfO2Ni2emWLEiqmq6WlXyNaZoSLwgpm93SqanImszIIwfV4n8AlJPofzHzkWyr7o8L4vO6g8xGSrsMn9d6/7muBAiHb8MvpYXWlDY2lsdDlJxc0VjtftkvAEnQQem0UpvIJk/obO+YHfD7V0s2sdnndC4kBUA5AIcNdjMxrd3ecW6H4ZjOmnKE1tRMNpurZwQb57LQTQFRWclRVNbi8wFvGHmr1ZpTFIVRFMXP22wyY3JKT6p7gpzOWVXRJ2RUypNIZ2tCZd73OIbTcoZWw2hpetqI+jt6g6YkxZBs91FZTaspZLOhHS3tFwgcH6uqKn+CEcW4V5LCW9PG8Zs78pfTpp722qU1k+uK9GmlbcIvZQR9vkZLgPD57PalXkVUi59/d+fCpoRxtMTS5vAy65oJIeGPVpyKckBRdk8gFUvLJ4iS2FXmcZKsQvL1JV9IEoNAPT09tryuNzorKppdAIRdiN61a0sdYq2cz+HoUpSUK5WSBxVAGF3lcy0wTZPjOGuGpmlB15WBiVRitKIZfCDoexp0fTNFUdZ4PD6w0mrd5K6rK/IQdHd31wV1vRtCIa03vkFyMHTydzKZHJTPa4HKyuC67u74AJNhNKzm0Os7lAcWd+JJNIWh0c1svf7kARPcAGRmtG9xyS/V0qXG97RACRC+gmOCZAT+7u3mHZuTdAg0BaY0eLadOtZ/co1I7erNaaALBajo7Ok4qTLgnS9JEtFGxCSgiDG2trS0NNbW1pJAnBqNyuU8b6jptOLO5eTK6urAVpKApCiKO5HIHiMXctXBssBygRUzqqo0RuOxqaSeqrKy+mmEcIRlcbgjEqkRJCnnEIRwX/1COo096XSkwuOxRa1Wa09vlmGR0rGlpWVwbW0tEV7J9jfvs6vCr7/VYpyu6yrUSoXNv589fGRphvDVGoAlQPhq+aPYGzJDePadjW83xdCxNDLNyYOCr3/76IrzSPpxLyA4SUBRlmVfNCGPrK0KLCCAQK5t7ew83io4unw+O1GUNiOpFKkGpLCiSNFodGAwGNygYWyxcFwS4wLO5pmZ8UR8Ks8TBQeKaD50u73uhViHBEJIE0WmY9f2LWODFYGtDGON9U9XJvGAVK4w0e92rLXZbEUGps54vEpVFEt9ZeVn8inIb29siNzx3vbkFchUlWq3peniGQ2nEy3Mr6ALvrFdKgHCV9T1a7tyM+OacBTD0JqPKWwdXmF7u39X+9KUN7dEzrJbnBsFvxDOdXQM5ThrIRR07yBTd1K1GI1GBxGtxWKdQkd4Snl51Ts6JTAWFqualqFZi8XS0R6+trsrPMrr80SqqyoeZCmqg4ABTdNyToG6VCJ+VFVl6I080WP02rb1Rf3JbCSS0+qyyXiF0+NYz+lWpSfRNnxgfTWpnfivxCmytbgjDTU2BjIGA3yVhdonfdpX1C1HfLdKgPA1d/H8TR0Pvt2iXGlBdM5nV9tumDp4ZBiAL++NJ3QmEsfylMQabD6ai2X8YORjDQ1Dt6ZSKVvaNMuT8fh0CwLRbrNHotnsFFbgO71W50uiSHeS5CRVzdbldcNldwfaOMPQ9kaD/uxHO/+1KomnGIjmBtvwkiun1p9yoK3Cr7nZj9julwDha+7aZzem//XyltRpvElByKlkb5vV6CKP9GmyUjLpknVdtBpGZoesjcwzPBu02Lfm8/ky1szIeYqqdtlsMVF0ybKaLsvl81WmrFGS09sMTns6E5MbKV02RwwMEQ5IUoL8X1/+h5a2fbyoUxuPEQUTfNRHN8woyq2VAoVfw7FVAoSvodP6d/n5lV2vvrY9ewYDHFQ7zczvTm4g7MbFRB6St5BOp6s0iiIUK/G3mpIvbIyakxwCn3BwWvz4auHigNtaLBwyDF7CWM6SZUAikx+1JWb8cHNSH5MFxhPi1XVnjBxwRrX/s2nVff14ZFn7wnc7tBmUacBEP/X+tTMaT9qXCM3X3NxHfPdLgPA1d3FLV2zIyh7jtzTNmTYJt8xs9P2y75EwxmIikfDLIjL5rJl+aWd2zaIWo9HJsBDyGt3XjvQ2+v1+EmewiqIoRCKRXENDg55KpRyvbUovebctOxxTVhhskXedP6F2UkPZ7nTpPY+Vzckzt8n4XNoEvU7S3powsOyZr7lZv7HdLwHCEeD6fgQs/8W/QOoVkIhMf1ROPdBpfrKo3RzhwBRUBVDLOTMGDRpGUVpzMxbr6oopx0W2ZpL19+THne8uastONgwWBtu1tnNHlx3bGPJ2HAHmKj3CfixQAoQjeHiQFzydTtfqOqcoSiK1Nin8eUscnykgLe210xtPquMv9/l8pB6C7Eh8Wi9Aagma4vT1KyOZy1SadVdLxkfH1fjn1le498tLcASb8hvzaCVA+Ma4+tAelGwR7szlPCK2mXQOChUVVJHzsd9yhCQhkdJpEjws9Ku4LM4yDu1upbO/KhYoAcJXxRNf8X7sFnAJE41KQrxKyGKdAHo5EZ4HkFQiJ8kBkLwCQrxKziE7EqU6ha+4X/fsXgkQvmYO+7/ubjKZrEEIzQCAEE3TKdM0yTJiq8/na/q/7lvp/odvgRIgHL4NSy2ULHDEWKAECEeMK0sPUrLA4VugBAiHb8NSCyULHDEWKAHCEePK0oOULHD4FigBwuHbsNRCyQJHjAVKgHDEuLL0ICULHL4FSoBw+DYstVCywBFjgRIgHDGuLD1IyQKHb4ESIBy+DUstlCxwxFigBAhHjCtLD1KywOFboAQIh2/DUgslCxwxFigBwhHjytKDlCxw+BYoAcLh27DUQskCR4wFSoBwxLjy6/EgvbTwYzHGJ2KMF/l8vie+Hj3/ZvSyBAjfDD9/KU+ZTCanAsAohNAoiqJGkb8P4UYJjPGVXq/3pUO4pnTql2yBEiB8yQb+XzTfJ9ryZd+LULLFk91zJV76ia6YtdigAfO7mdfQbuEoYBgGKIqoTRvA8zwghAj7M9A0vVtKHiEg2o4UoOdMTbnXE6hY8mX3u9T+wVugBAgHb6uv7JnhcNhP09xklmVG0TQVMgydZ1lqBcbm+x5PcP0X2fFYLPZdhmF+Ypp4GMdxYJo6sCwLqq4BTbGEnLH4/wgwmKYJLJiAMQVEQh7hIiAghmEWsRT1VwPjZq/Xu/mL7F+prcOzQAkQDsN+GGNCTvpfwiWH0eRBX0o4DwHAJPyFhBTVwTocmMEeVTfLOYnKGkY+pwDKVnor2w+60YM4MRVNjQWOG5tTcueJFjGINdODEXKIgmSqqmbSFFYQNhVJ4toLikqLLBVBCHJAs1lMsYphoJRJUSsZLLbRNJI9HqntIG5bOuV/ZIGvLCCQl21DRB7mt+JuQdc1mnbTKivzAas1eigvIWmnNZ8PMoZFpSigsnLK7mONeJ+K8aHaeVckEkymTY9oE+VUKlfr9fjbA7yY8Hio9KG21Xf+js7OKl2jGRWZvJnPiZglTOgYmwYlkD8Rg4jUOmDEsBiZIk3TpsPmjAhuS0QoFLTy8nIzGo1ypmlKFEXly8rKZPLc5Jo+W21vaRkDlEBk4wEhjDCPMaVRFMuaJibK0eRUnS5egzjOtDCsxrJF6bZEf9GVeDzuYFk2YDKMhEzTQq4Dw7DrOrbY7VKXIite0SpGcoV0jcDyGYricrmCFkxlZX80nh3c2hmZ0BONOXRNT2CKSXucYnttVWhNdX3VCm91WUsZRRFOxn0eO9p7GgAEMExsMqypiyLGVT7fIWlEdnd3W3d1xwdaBFE2DYbREEg2GgpeL99qmiY2DJuQSMQHYAulOV2BbpahGEORrQ1VgfZDFaBJpVLumGzakGFwOmcacjLnIT6t8Dl3ED993jHzZV33lQUE8sBvrOq6/s2thf/HGHoKAWfxiLhz9lGOXx09yL/wYAg8ib7Aws2xb72/PnqDbLAuhAxMM4iZNSp026zhrocP1aikvV/9bcGLTW2xEawoUCyLUUGn7I1B5v1Lz558/aCqQxuY5KWd/+7a2fc9+o/b0wXDRzMMYjBCLENjVdNZYFgOEEUkmMgCnC6u1BGiOY5DLpcr53K7ctMmDHlm+sxJf61wOGJ7e55oNGrf3pmcevtdD86LpQsBbJBXgDEpikHAcoyBNUTW9r1H8Q+apjHLsmRqD9UBb8uIoY1Ljz1m1MtHD6n7mEjM78tu/WMZGGOJEK2u2dl94pJlKy5csmTpybvaOt0FRQcELFA0meAQlNNBEjhdEoR8fXXZrmlTJj0zacyw+WUeW7vb7VYI0Pn9/nxHR4crp1G+ux94/L7NTS2jOMGiGxhxHJKVs8887b5zTpkyz+fzyQfzsbh13pO3vb/0k+/oJuYMluYEA+jjxw1++Vc3Xn0F6dK7H64++c77nnooZ2qcltdNi1U0KFNnzzxl+gOnnTl9HpvLqaFQSN2HoC0VDoel8vJybdX6zWNvv/vxebGkXEG8xtAsICRz40c0LLj9Nz++kKh5H+oY/LLP/0oDwsPvN9/35k7lakYrgAIW8PJK+rsTnedPG1b31sEa5q1N4XOfWtZ2Xx5ZveQajgV83sTgT88a5r/zYNvoO++t1V1z7nty2WMxlbYDjQBQARDvBQeOpa47f9IVp09sfPGQ21yy+YRf3PLH17MGI2GggUIaCCwNuoGA4gTABi4G5chLSwJz5G8SmCNM5+SFtdIm+P32tisuO/e2s6Yf+9Ceg5TIuS3ftHP8NT+79b1MAXMsRZO7gKobgGiOfN6LbfeBAmm/d2ax+54mBp5H4LVz0TmzZ/zjnFmn/LlsHwpO/Z+9HWPppUefu+PF+R9+L5XKSAVVA4oVigHH3ffYHWSkaBpkWQaLJAADOmA1DyOHDdhw9mkz751w3Njn6tzuFFkSVVRU5AmAPvHKO9fe/8jzv4/Juh3TPHBmFupCZbt+dO1lVw2vC3x0oK/u64vWn3H73/7+WE8y60YUAh0D1AU8PXfefP3J44bWru57hh/c8tDLb7y75CxBsEJBUYChEVT67N2/+dk1500/eghRt94nozTpZ0sL8Pc8Oe+hN99bcRFCLLCMBTS1AJVBS/THP7zk6tlTjv5K7q58pQHh0WU98xat77iWNw0ocD6wUPnU5ePsp00aXbP0YF+8hRu6T3tiafh5BSQJDB1onoJvjy/7+exRvtsPto3ihwxj+qYH5r+4dEvqrAIwIHIIkKKAydoA52WYOqrq5cvPHv/9xnJ79FDaffWdD0/57Z/veVKhre6CrgNlKCCxNJhAA6J4YGgSpDOLIOEloI4AACAASURBVND3opKZQt+BEQ8Cg8EpQuGSC+bccfUFp/+6//0x3sR/tBaNu/ZXd72Vypt28l0mIEACfCbLgWD8BwB6n3P3h7sXGEyGB0XOgctpA1PL4dNnHv/Cjy+/6rJAgCICL3s9mpPYdcvv/vCvFWs3TzZpcXf/obgaKT4HQ3YZeoHNxBgsNgcoiga6roPLJoEqp8HrsiZOnTXzqUvOPOXmUMgR77tRe3u7dP8zC/7y2oLFV8oqFOc2lJGHmVPGvPbLuZfNra72d+2rX7siueDPfvWn19dvbRtv0jQwDAYrA5nvX3b+b68676S/9L9uw/bIgF/ecudr27uiwxR9N/iCmYdTj5/wwnVXn3dNQ1lZbE/9ib4ZEplJPvfG0nNun/fI3UnV9HIMD0jVyZhRvn3OzHt+dc1FPz2UMfK/PPcrDQgPLI49+l5T5/cEU4cs5wMbzqtzJ1lnTBp+8IAwf0PX2c8sjz5lUKKIVBlYUYCzxvp+ffbIwB8OZnrZ54zlG7pm3vnowvu7DaleYwxgTRWsJg8aJwMHLpBoFL/u4imXnDCq7K1DkUJ/8+0VJ/7mjnueT+qMC2EGLCwANlQgC3uTFgAMtTgzIP98elC7t/LIy1WgBbDxLOi5DAQdYvbH117+kzmnHfNQ/0G09OPtk37yu7vnxzKak3zpyJfYAAw6RQND7Z519AHAf0BndwsMZQCmWNA1CgRWANBzcOE5J933qx9eeM3eBmpbNFpx258efOS95ZtnUawdDNS7wqAQcAxr2K3WbMDn3mmR+BxZV2fkgr87GqvVNOANsi1JdjEpAxhsgiBy+NIzpv1p5tUX/ppIzvXdb932jtBNv79n/o6O7uEaZQHOVEBAaeX7l5x7y9xLz7ttb/0igH7L3x6544VX35+b1ymBF1gwzAKcMeno5+649UcX7M1nr7z+/kW3zHv8QcUESQMKWEBg41Hsx1dc8IvvzJm1zyXnli3Ntb++46Fn1+3smUBCvwQMLBzGo4+qfff2G3/2nfJD/GiUAKHXAo8v7p73zpbwtRpNg4losAuSfuU460mTh5e/d7BGenNt+Nyn1qSfMzWzuBwXAOGLxnl+OHN0xT2HojB085PLn5+/tOMcOwdQMLOg8QaImhfItFOAPBgcCxOGhN687uTjzqmqoohQyUEdry1cfuKv//zgS4qO7CRMUNANmDCk7r1Tjj3qpbSquFjBrmiGLrI02ePnDU01LNmC5m5t6xjy8eo14/MF5KBsXsC6CpwhQ11tdeTem2+cUF//H9m1D1etm/ijmx+cH8/qLgJkOkXBgOqKDd85YfQjOs0BIExCF4wJmOZ5TiMvTyaV9SZSyeAn67dMaenONSBGAJoyi0sYj9eu3HbTNWfMGDfknf4PSb6Mv7zjn/e88K+3ruAkHjRFAJozAamyNm5o/dJTT5z8zLihAz/yeGzNwWCQrJ/x1q2tobZId+PqtZtPfPuD5ed2xgvVJs0XtyrJkkJidLjh6m/94LI5p83rf6+3P1g1/dY/3v90l0wHKSkHYLLgl7yFu3//w8njRv5n6t93zesLls655Y4n/pnWKIuJcsDTGtSHqpruveWaaXV1dd37ctYPfnvfUwve++A8TIvkMwAcTUFdpbvp1l/88IxRQ0Lb9ryOBCzveuydu+YvXH6lhrqxQgUowZShzAktv/35dZdPP2b8uwc1MP6PTvpKzxAe+yBy78LNPXN1dve02cbwyrWTHCccPbzyoJcMC9Z1zXnsk/gLuoEoE9PAM4AvPSYwd+aI4AMHa/N1zd0T/vjoRy/ujMshjgbgaQaCASGOVcCdKcpHQwwQWMBv47pvvHjCaROH1Kw62LbfeG/FCb+87d7XcgXNQgTQBKsdLp5z4m9+fuW3btlfG83JpGv1srVn/v2pf/16Y0tPnUWSgDE1oBmAX1x3yTUXnjn9vr7rl32y4Zgf/u6+N1N5w0XrCgDD4eOOHfvCrT845zISsNtHcIyJxWKWNdu6Jz3wxAu/27StbTxGFGAwir64+OxZ9/72houv7d/H+R+umH3zHx9+NKsZ3lwhAxLnAYHJJ2afMvPxqy4749aQ4z9T/z2AhIpEIuRek//x7Ku/2byjbVKuoALDCcAChkE1nq2/uuHKM8cdNehTMZiVGHNLHnj65w888/YtiCJLLAw8YJg2Ydgbv/nRJef3jyVsa43U3/S7vz7T1NIzPqPoILAM2AWU+NmPr7r2vJnH7Fep+oM1O47545//9mhLOD4orzMgSRJQakY//7RpD/z6p1f8eM/A4KuLVpzyp7sfezSazASBQsAIDgAlkZl78Zxbv3XKcfNILORgx8b/xXlfaUB4fHH4vnfWx64GgS5OjwWKUX9wrO/EscMCB53dtmh92xmPLI+/QAHLKYgE1DBcflzF92cO8zx4sAZ/4LU1f3n+7a3XK5xenBG4QcyfPXPkHzleNx5+velWRKWAMq0AigHnnlb3hx+eedyvDrbtf7+74uRf/Om+l1UDi7qqAf3/27vOqCiybb0rdyCDIigOKpgwYg5jzqijYhqzjjmCmFHBhCgGFHPOjI7OmDCNOecxISoiBlREyXSorjpVb5129Dlclfa+mb591yv+6Fp9qvY+3z711Tk7FU1Dvy5t5oSO6G7RPTbEHg5etHFXFG9CFE4Q0hkM0L6Rf9yyOePbYh1wduH5G7frBYevOphjlBwZSQAeCVC/brW9GyOCOhW0S8LX7z5xrtuipbHLMrONrhJlAILUQAXvEjeXzx7U4MODh52I08fO2H/uamIziaaBJrEXhILurWou7Tlh+ATfr0QnPsXqanyi3+zI5TuTX6b7GSUCkMQAg3jo/2O7iEkju4V+OjYhJcU1auHWrecvJ7WWVSRQHA+sQMBPPQLCx/zUZcaf82dnL9kRuXXXoTEiS5AYI1KQUd/ANgsmjeo6paBjI3bKbt51aHDMup9nGWSVsx47WWUEHo7Mq8lBQ35q2cjfHPHCeSEJz54VmjMvdsfl+HuNOC0FvF4FIGZCk3r++0NGDhxW9iv+DUvXyz89zqYJYePZ1yuP3nk7lOQI8xmXlkh5ZAPPdkU8yYvfOTllWgLOyVuvOq27/DKWpjjWKDNmYulfz31MmwquMQU9DPj+L97pi4auOH7iyRtUBlG5IFEylNJwD2aN+KElqzXlDY86npihy3UhkQpkiYSibuTDGQMaNrHU+AeOX+wwOXLVLomgGSTg8zoBg7q3njN+iGWE8OpVjtuIsMgT9x4+ryTjtGFGBeWLOtxfPTek5p/5CMSl2/drjJyy5Fh6Lu+oZWRAQECdGhXjwoYGdi5RooQ5N+Frf4np6Q6TJiw88TDpbXWeyAaJUIOnfeH0jSuCqvoUfZ/4dOz8H21CZy7ZkityrrwgAMcIUN63xJXl4ePbfeuZec+BU93mr9q2NlMv2gsSCVpGDd+5ax7PCh9S19/X9y9O23OX71QLnbP+0Js8XWGBEgA7X7wLubyKmDqyfe1KPjd+OXG9S2TUyg05JsJOwjNHPFQr63M5KnRU4NcckB/wwMen58+zHVds2Rq9+9iFPiTraN4haQgTVCpb8sLs8cMCS5QobHZ6zluyOWz7vvNT9TiaSGBZdlCiEEqePGFM7yY1Kli8qy3IHv/k7zZNCBvOpK4+mpA1mKQF8xmZIyhhWIMiHbxdiDMFhZf+fDvQJ+Lf9lx/PmUjIcuESHAgkST0re0e0raiy2JLCGHb8TsT1u77YxaitKwkCYB9W4F1Sy0e263+WCwjfPu57ccvPulB0BTQjBoMeTwMCygf0rddlUWWGO7wmWttxs+K+U2QSFYSRcBe98HdWy2Y9A2e6GFTFh06feVWa6MAQHIa8Halnq6PHF/X29v7NV7Q124lVhoZFn0yLVPnrKYlcxZS/TpVDq6dPbaDJQ5QHPabFbNr69mL9zoJVC6IshoKa53ztq4IruJbvHgSnufMhZtiduw/NRLRGhAFAziwcnZI8E9BfQIabLIEh3xHCGZY6OLYYxf+CCRpEmREgR0tC9Mm9OvQuUXDQ/nvt3rLnqBlm/ZH5IiimlIxwAg0fO9f8XivHo1mLlrxy9KHyc+qGBABLKUCd3vy9bQJ/Qe1qlcrzlK9cPTgys2kKjMWLY999DzdF4drOQqAAZEPGtBlfOWeAatyr9ysNnXmmgPpvMnNKAqAj38OKrVxzIC24/t3a7/KkrwZS/X5J8fZNCFsPJu6Ju5h7iCQdECJenBU2esH1HHqUqtcMezJLzBlWJYTuQPxhYf/ci1tkWjIBkQwQLIc9KzhHtKuknOBD2x6uuwwZd2B0/Evs6uKBAmszIEzp0+dNrRFi+qlitzFhjl952nrhRvPb0gXhCJAkUAhRyjrId0c16dG+zJeXgVm0B04fqXDxIiYXQhoBkcS8KQGdm45b/zQbpMsNfyQyQuPnL50u6VMMWAUEfgWVj/dtGhKfS8vr5fvF/ODKqPClp7I0iFHFSGAQTBB3ZoVT80f36+dJcSanCyrQhfOPnLjTlJDRJuAZuzAXWuXuj4mpCbeIWAZfUfPOnHuelJDxkENiDeCj4dzwsbVMxp8KWHqa3PDJLb94KXucxav2YpIkTQaEGhVDPQObDFzyvBeYfmvxf6EjZPm7zh+6V5nEe+ABBbsGQ14F6UTEp9llwNOBr0Bv1BoIah/9+kj+gdEWoqt+cUSH89C+fLytr2n+s9fviFKkBkHHA3Bx4+izuonY8b2G7Jn99HRl648aofTsRDOIREQtG1e85fRfXoP9vZ2yrbk5fMtOv1TY22aEPAO4UhC+mASR5wkBCznCI2KU0sLu9vdAYHHzj0eAOlkghQpCVGyOZsPQCJIgcIpvyAzCRnyDxeeo74snw3mUD7DQvcaruPbV3ZfUBCohy4+7jNv5/kNImIpgRRAJbHQpGLhHWGDm+AsM3MAPyMjw3HxrpubTt1/2UGQENjTjgCQx/du5z++b9OKf/GMf07eIUwI81b8LEgkh0TZHAkZ1LXFoknDe4QUpB/+HcfWR02OOPng0dPynFoNvICgRhnPK1FThzX28vIyRzvO37xbfXTo0pNZOsleQ0pgkhE0qFvlyNqI4ICCiBVHDg6evdVseuSyXwwGWcMDDg6QUL2017Vdq2fVwTuMhy9eFB0eNPfC8wzxO5HkQUtT0KByhV9XzB8baMkcPjfm5OWEauHzl8WlZea5IxKAlCVoUrv6nhVzRnf53MN14drtClHLtm659+R1VVKlBhlJZmLiOA70Jh4c7LRQvXypU7PCh3f5knOzIF1TUlJcozftXXjw9/O9EcGSRpMIakaWSngVT0pNfeetE0wMxWG/gQClijgnzpgwsFuNKn5/FHRfW/rdpgkB+xB+v/tqKM2RYEIk5CAn8ICMdFHFOBoEkaYZR5CRHj+YH3YL+F9MCjj33xzWcpKyHj2V3Cq4kob3pbgULXerXmhyB3+PryYmYWfS9OV79hx/bGpHmQAIFQCDwDC1f9OOTaq4H/3UiHvPPO6zeN+VjbJMkSSfByaKhaq+7qfCf/T/oaCaiYO/X+oUumDNVhMiNHiB4ZTewd1bL5g0tItFySubYuNGL964OzLPKKhxBiK+vl3jqjsXho3u/kHHi9fiqwbNWn4iM1dyZiUj4OThBnX8j8wc3TXwzwzA/81d/pPosJPs7du3qgePU6otXL1zRWJKWnlBlgFJNLAcCV3b1Fk+c0x/c5ThTkJCxaHjo06+0zNuJsgDSuDFId26R0wY2flf3uaWLv74tDS7iUFzrye+yC4j0gLgNIxqpctejl0xpf6XjjkbdsQNXLHlUEymKVclyHrQUO4gmt4By7qAgz2XGx0R3PhbIkCf0/XstYc1w6Ni9qRm6osJ5tCoAZDeHigGZ5YawWikwUnN8eNHBA7v2b7ZZkuOZJZiYo1xtk0I51JXHbmfPoQUCBA5PcjAgVZEIAoUgFYE4AnAHu2C/niZA07SmWkCEaTct47nqIAKbsu/dt3ZuykBszdfO8DzmYSB14CjVgNli1MXpvdq07pQISL302sfvH3ruWzLhd9uPMmoCSoKKBMLzoSY+VOv+sM61Cyx80ty8Nb4wPGLHact3BJrMAEjCtmgVrGmAZ07RYUM6fDVKMOL7GyXS+evtF+wfk90Vo7OUUKUmQlVpKybPnHEoM4tan0Mp124fb/C6HExl7NMSEuyepBNAL4lSj9p8H3l7Yysk1mSEpAs0ri+wYRkjlFz+uxcQ6HXaWnet289bZ6R/lZDkQzOUgCDiQcPN7vM6Jljm2OnHZ7bhZsJdcZOWXj0nd5oj3OpJIMMIYP6hwzv26zAY9mXsMGEEBoac/7Bo5TKBCOBSaSgYunifyye3Lfulxyh+JrwaYsP3X6Y9j2SKUByDrCUJFOSE9G+VfUNkZMGDfx3tu440vLhuvh4mb2XENcrMmbj3EzKrbC9YACRocBIUkAgEVSIFzo1r7/lp15tRlrisC1o7Vr7d9smBLxDuJ82lAYWeM4EvMCCHYjAm1gQVSKQIguc/PWCMQkZZRPtQGgxGSAB9AjBoEbewwL8XL6ahxCx8cT2Y3+k9xBYGZCJALWkMw7oXDu0d6Ny/7LIk5OTVWfuZk+IPRo/NY+kGJyvzyEE/n4ex0I6len0tXP64TOX20yYte5XgwlxJCUArj2s5ON9p76/X5xAywhIRpIQzndDJEWzSJAQo9ObHFNSXpe+dfdeNaNIO2Dfg2DkzTUQ1Sv6nJs3eWorT0/iY7z78h9JvuPCY869ycpzl0gdMKQKZBMBgpQuqlkP2mAwgL1WDaJJAIahzLUFnFoDPM+DzAhAc3bmM7iDRg2EoNP36xawJGToj1M+LNZr8YlVh46Zc15HMBqTbARGJKFPp7bzQkd3sdgPkn/h305N1U4IWfBH0rM0X5lBgFO0a/mVPjd/cq+WH45C+a9ZF3towJI1O1YiVs2aTCJwNO7XgGMqCFzs2NTIWeM6fF+59JVvecjyFWyZieH+/aceW347PPXnY5eG2wEJBrzzZGmgAEHVkt9dnRg0qKd/+WJJ/w75fItu/8RYmyYEnIdwNP7NMJZUgZ40AG8AKO4Ar0lZxRoJg4izakVa4wBmny4O2Jn3uzi/HWfiIwCZtKNy37zWqUuocLYjQqAXTdJPjX1Gta3g+DFx518W49Ms/+kxB/a94+liONVfQwGUdCHuzA7p1szDnvhsrcL9F2m+i9Zf+DXhTUYFYGlzAZGzxi53Upca7er6e535kvH2HT7TaerCLbEmRLAULQKPZOBkErS0lJONBAcaaFyNSOBKTXwPUZRIICigWQYEQQRBZIGhAFSMDE5qInX2jAldG1Ur85c8jTPX4qtOnLbsdDYvOoiQByAzQBNqoBg98BLuaiSaU6MlvPsy8WBnJgcDaFQqMIoymGTKXIugJQVd/w4tlo4d0TP80zLgu4nPSw0JmnXpda5QiOAI4GQCAurV3LZgxtDe/+6ivX7/qcfEadFXXufkevGiCQhEQrO61X9bOXck9iG8b9P0yd+lG3fLRURv//nB87RKiBTMCU2IB5ApBwAqAzSsWqpevvzvETOH9PoWR+cn9QnUp3JPXXlQffritfvS32R5GiURmwSc1HTemIG9h/fp2Oi/tk+kzRPCgbtpwziKBpHgwZ5iMlpXdgrzdnG7RZB6kRYlE0EiQZRk8wKh/nQq4v+TJP5FUl19a+p1NiFruCiQFE47FSQk9GzoPa6dn+PSLy3WBT9fWr7//LPhmHGQqAdnDZ3ZpGapnb1aV53mYW+fl5EB7Pt6ozdyXh5oOU4tZjCs4+646/Mv3klqxxPACQICluago3+pZcF9ao/+0tviyKmLraZEbtqdYxC0SNKDzGiBkUgAZASB44AWRLM3O38rMpyXIYoi4Go8CkzgpJFTp44fMajl99UO5p/XhWv3K4wPX3I6Q8+7AoUfLjXwPAKCzgWC0ADNspCnN4CK05jbnunyckDF0sAbjGBvx2H5+gplfS53btN0+Q/Na/6a//644Gjo5Ojr8U8zyhMqAhhZhsoli16Zv2ZWoxIEUWCew+fscOT07e+nzVm6L0M0OZurLgUJurVttmzWxH6j8o/HO7SF63ZtOHL2zo+4mIplZHORmJuT85u0bModqCxzlSVhkGBQ7zbhIUO6mZOWLPnDxwVzPZj5jfPekYz/cIpycMT6QzfuPG6AQ85IMoGHE5eyNmJaLYri0319fb9YJm6J3P/UGJsmhI3nUlcdepA5hJEBREkAZ0J+0be+4w91/bwt9tzG3X/Xe9fFVzE6IzhqGLypA9Strtek9hUdPhtlSHqVUXzy8rgTr3V2PkjKBop0AYNOB8WLOZk4yviakWgRZBVD0rIoULkGMSeXZWgHkWI4IVOXVyQ9hy9MMY4gIhOoaAAPezJxVM+anWuX9fpsK7ODx860nzJv889GRKhpBoFAcEAKCEjEg6hSgWBEZkL40I8QLxT8Rsd7IPzwcpCbWbt6xXMDe/8YVtOvxK3PLaSLdx6WHTc1+sybjJzCjIoAUlKBilWLpXydr0o5JjuRIFiSYeV3mTqvpy9e2am1jkDTjLkvopu9lD16UI+RjWr4/IoQUnl5eWV8TsbQSfPizlxLaqMTjTg9HJxpMjc6MrRlPX/fS//O4g5ftHX+zr1HgvIkxDhq7YE06vTBw/uO6t+t5Yb891uybs+EdTv2TjcAoSUpGsAkQuWyJa536dR8wcr1+6NS3731MiITrkQAd3v7jPBJA7o3q1/1d0v0+rPRDO6M9ZdyZ+x07joi7MT1e0++p1nO7D/wcGSfL5k3vW6VMgWHmy2R/Z8YY9OE8D7smDYYKykACQ4S8bZvM02LxqU/v/A/+6a59yJwx6WM1XrEuqpBACSLpi7f+0zrWMFh/ufGr4+7ERb7+50QHVLZk6QJKFkCQaSAYmhz5R5B4R4FuJZfAiRlAqNyBhLZgSTqgKB0Rpp2UIkmnBGpB0IyAkNzcmBj34hRnWpN/dQ59UH2gaNnO0xduDVWlCmViHRgEBAUd3N7W6KI80OdLGpYgkT4OpJi8L8gyyLQFM27uTi99Cpe/EHd6n5H6lQu/cfXmm2cu3mv8rhpS4+/zePdSAoBKVBQv6Z/3MSQ/v1ED/sc1ZNMteQkyw/u3m8YvXLjgtR0vW+OARGcyh4okYfW9f1jxwwcMLxECeesLy3SVdt/Hbdo+Z4okaOAJAAYEUHr5vW2LJw6bNC3dhk6f+uZX3hk9G+v3mT6GikZWJECN630Knru5Kaf1jNgXU5ev11rxpzVe15n8kWBkQCQAVxVdqlTg0cMDWhedd/qbQeDlq//Za5eQiqCYYAwklC7qteJaRMH9vMtVizFkocOR1zyEwJO1gqZvebI9ftJ3wMuEEMSFHVVpUSFj21Yo1LpJ5bc1xbH2DwhnHz0ZjDeLou0A2gFSd+vKdWxoW/Jv1TZfQ3YozeSu225kb3KBFonVswFmUR81/q+YT/4Oc7Pv42/n2b0jVp7bF9ymq6cIAnmpqGEZACOcgDBJAHQyJy6jAScq4+rDwXAsQ9S4kBGORKQvIEinbXmmn+KB1pmwSgTUMbN7u7Yng16VizpfD//+ffwyfNtJs/bsktnAq2JxwTDQb9O7SJCR3QNx9tU3DcRAFjsPjCnWPxvWPCj57ughXX5xoNKY2cuPfYmh3cHQgBOJKBxHf9dyyJHd8+Pwc64k12XrNq8NEtPumPfAYgI7DnZ0LxB1R3DRvYZhxuWfE7e7QdPyoyZvOTU6+wsD1zvQQENKpqRZof06x7QvM5uSx1suD5h3ca4qCOnrvQXZBFEigTSgKB1g4o7l0aMx/kfH9/UuAw6cuHqbfeSUhoaJRZEZAQW6fTDe3WJHDOk2yysJ37Djw+P2bjv1NXewHIEdpxysij+2LFFzPTgvrg46eMx4Es4fo7IExPTHeasWPvb5dt3m8gyZ67OLFpIm7Isckw9v1Kl/mv7RNo+ITxIHWwSTSAzzmAvSrpBzYgOdUqXPl7QQ/Dh95N3Xv6w/lL6Nh2httOgHCApydipnu+MjuUd5+VfDL9efDBgeeztVUZRYlQqEYwCBTyDveb4XE+BDLkg0/j5VIEgAtAUAbjdoTn+T+gMBM3RRpOWIRkeEMoFRnIFntGDnUAYhnesMiqwWfn1nzipzA/00eMX2wbPWfurSLAMQRmBkAV5YKe24eOG9/hqtaOl88fjzl26XSt4zvKj6XrZkZB5UMsENKvpFxs9r0lfgqj+L228Vm2NG7tm62+zMw2SmmJYc3TGTg3QLaBh5NRRfSZ/SXbovO1rdx86NBAxpJk0GZoGX2dIDho9fFTzBlU/myqM/Q84aoDfwsnJaa57j8WN3L779OgsHhwIlgBcoVpIZZc1LaR3n3ZNax740NgWb9mjl20KXffLqTCRluF9arIGapf/7mzkpN6dihUr9rGpSvzjFz6jp674/fHrd940y5tTmx1ZJidkTNeRXQOa/lsOQNyaLih8xZEb8Ql1RYkDIFnwdFW/XRw+tmG1it4J32IfWxprs4SAnTZ74o2rziTm9cINMwRSA24EmTesCRvgX7L4WUtBvJCUEbD6RGqsTkL2rGwAhrKDdhW1M5qWsV+MG5m6uLjkmkNJrzK/i9516Ze7Sbk1QJSAVSHZQADRtlzhbfZ22lyGYQQkAwUSLgLGXm6JlEGiHDWqTJ0g2VNqRk+aJKBFAr3JEksduX0/MI/VsFoBgSjS4F/G5XjMqEat8289f794o+WEOct35uTyjgw+/5IkdGtVf1H4uAET/67899tPn5YYNHr+zexswUkGo9kn0aRm5Z+XzQ368Us4LlqzY8b22EPB2RJhT1GY8kSw46iMvt06zhvZtwMOveLdyl/Sx09dj68/N2rJxpfvdD56RJoLrSgkg6OG1rduVGtTm6Z1dhR1dU12dDQaDQaGJ0mSKFy4cB7O9rz1+E2VnftOIfIIKgAACtlJREFUjjl/+VZHI8Kt2xGQ1Pv2rz3aN105M7jP8E91PX0loU7YnEW73uj4YjhHgQEairqyKaMGdwjp2Kr5rvzz2vDzwWEx63fOyUOMM8JaIyOUKO7xJHL84B+LuGru/klK39RFu9/oyDNXb99pAIwWsBPZ04VNiV0+v6qn5+f7W1q6Zv+T42yWEPAbYNmZ5+uuPsrpg6vUjDIHjkDmDQ5waV+7WCGLG6ScTszqsubEyy08SalI4IGQaOhQyX5uI296Nk3TZKFChYz4wYu7+KjHyt0XorJE0pNCHNAyBUWL2cVH9KnY8NO3zafG+lIb9tTU3MJztxzeeeNpTqP3nY40oKEMaeP6NenVrOp3f3Fmnb7+oHFQWNT+XJ1gx1AU5iLo2b5B9Izg/sF/18K4nPis/IigiCtGE2VnMGab24G1rl9r+9LZI3p9bZscPn/Til+OnB2KnQK8SQSGJsBJy7wd1r/rlL6BLf7SMegDFlv3nui/fM3WuRk65I4bipinL4mgpkhwtlOlFS/qmejtVfyBRq02E7FeZ9Lee5RQ89W7d8Uy8nJcBBlIjUYDEu75KElQo7zPlYg5Qa0/rW59+1a2Hx4advDuw6cNcOcnAijM1PywvoEzxgz44bMdk5KTM52Wbt669Ldj53qrtE5mwpFMJmhVp/Lu4CF9RiKUk+Xj44Pb2n+xV2J+2/cZGXHu6t0HdU1AmcO2xQtpUzYvnF7LkirKv8u2f/d9bJYQ8ERXnHy+4dyD9P4UASBSDDhI8puR7YsEVPIsZHEDkvNPdW3WHk7czDNqNxKXpQqEFFjFcWpg7WIfFw5uNrJy+/nNlxLeBSBapFjSAfdrF7q1Lz17SLt6syw5Z+Y3zNrDN8Ji4xLDTFQeQRK44EcvNahafNfcwS3/8lY+fjG+Vcisxb/lGUSV+atGNAW92zWICQvqF1RQnYGli+FWUkrpgcFzbubpSa1JyDETQqu6tWJjZg/r8bV74AcvdGHMtlNnL7WnVHYANAcmPhfcnbhXk8YOGvZDwxr781+Pj0QrNh8Ijt0TNzY7T/AwEYI5PGoO+xGEeXdCEZS5fyJuJ49E3P4ZAS4MkwkJaJICo14PHMVA5fIVboWP7trfL1/0JGxJbNTOfcfH8YgEbFNSNkHdauWOTJ86onspF5cvtsO/dvtxhckRi3c/S80sQzIaEHkRHNVE3oCenWaO6NMWV7/ivgaMJd2QsV9hYMj8E+dvJTQWZcbcis6rkPrFqoXT6voWc7XIWWmp/aw5zmYJAQO+7OjjTaeeQR98epcJEZxklD4swLNttWKuly0F6fwTY/vVh+6t11GsGy55YCRSCqxROLRrzSIfK97237wXGL3t6koTci0kEkZz0LmYBj2dMqpO46oeJZ5aKuvTcXey5JKzFx278ConqwhCEjCcGhg5N2/2sB9a1fFx+Fgbf/zi3bbBYQv2CRJJ4iiCgBD07thoRfiYAZgQ/pY23fefvPqu96iwhPRMo5rlZMApTs1qVDuwJiq4fUFzS0nJcZ2+cOnOS38kNjUixvxA04QRvD0cHweNHjykZS2/k/nvES/LbPzBC503/7wn9OnLd+VMokRwWg2YJBly9DpgOQpokgDRZDQTBcuo8TcnAOde4QQyOw6y6tf1P/zToH6T/Dz/+iGXXw5f6TI3evW6XKPkgCM+OJJT1N3+8axpo3rUq1Dm2tfmg9fUjr0ney1YsWlprlF2omgVCAIPxdy0b6aMGdSvVeNqRz7nQPzcPXHRV5+R4acu3k2qSzFqQCYeirvbv9q4cn5170La1wXhaqu/2ywhYMC2nXwYcSDRNJnB3m7SxDuzTGafpsV/rOFlf9pSQH9/ZOjx29kHc/QE7SkTEiJF4FtWcZ/XrYa72amIk1r2X3oxP+5ycm8jT2tZtYaQBZ2hZe3i28b3+n7U/6U4Zfn2C9G/XkoegpBAkKyaIUESAuv5LhjWtcbHOoUzF261mDgn+mejKHEkgJhnNLL9u7aOmTyy/wRL51jQuFuJiX5jJi/6PSM914VRyQZRItnGtavvXTJjTM+CrsW/377/uMK0yKXbUl7rfIy8yLAMiRCfI/lXLnt1SL8eIXVr/GtFH36wbiU88Tly7NZPF6/eaJf0IqUkIhmVRL3/viNONuQYnHAlmysTcQN6rYrKqFSu1M2ObRutrlO59HFXV9ecT/XDH8mZOGX+9mcpb6uJokxJkoRwf/Q+PdovHjugy2xL5oLDhYs37V1w9Pj5XkiiSImkNBpK0Ner6hs3enCvcT4+PhZ96SpZllWLpkTuPHHlbgsGN46UEVHS0+1xVMSUQB+vwo8t0cUWx9g0IVx/lFpLR9FFGWTP8STPERIQDX3td3ztYyH5QX4ly5qk+9kBoopjRRlRhuwcl1Ju9sf8vrP/+E3B05cS22UKoitBMxJJMrIs6sny3oVP/F+3fs+yspyTnxtqm2QDQ8gqGomkyk0lv67+SZNYvEXdf/JGB5mU8QebpAyd3rW0p/vN2tXKWXwsKmhh4fP9oXO32tEEjRAyEDpR0nq6FHlWz9/b4qQhvMt4lPi8hoFHapqhBFnkSZomhUq+vmd8fIqkfcUXwSQkv/ZMfPys8v1HT+o+TXld/tXLtBLp6RmeFEWJ3t7FHhVydX7uV8Hnop/fd5c9PDyefKkbVnJyWpGkly8r6niTE4giZadVZwskJ7esU/7Et+ymbj9OLfzwUVIDmiGlXF50UhOEkTTp5VrVy+39Up3E5+Z38sofAXoDaEQBMSxNII6m9U3qV8K9Ov6WnV1Bdv0nfrdpQvgnJlzQljAxMZH7b007/Sfw+sJ22ZzX/63ftvzze5Tywxcv3LPe6jxohjVVq1jy4bcmLv1d8yxoLfxdcv6b7vP/jhD+m4yj6KogYG0EFEKwNuKKPAUBG0ZAIQQbNo6imoKAtRFQCMHaiCvyFARsGAGFEGzYOIpqCgLWRkAhBGsjrshTELBhBBRCsGHjKKopCFgbAYUQrI24Ik9BwIYRUAjBho2jqKYgYG0EFEKwNuKKPAUBG0ZAIQQbNo6imoKAtRFQCMHaiCvyFARsGAGFEGzYOIpqCgLWRkAhBGsjrshTELBhBBRCsGHjKKopCFgbAYUQrI24Ik9BwIYRUAjBho2jqKYgYG0EFEKwNuKKPAUBG0ZAIQQbNo6imoKAtRFQCMHaiCvyFARsGAGFEGzYOIpqCgLWRkAhBGsjrshTELBhBBRCsGHjKKopCFgbAYUQrI24Ik9BwIYRUAjBho2jqKYgYG0EFEKwNuKKPAUBG0ZAIQQbNo6imoKAtRFQCMHaiCvyFARsGAGFEGzYOIpqCgLWRkAhBGsjrshTELBhBBRCsGHjKKopCFgbAYUQrI24Ik9BwIYRUAjBho2jqKYgYG0EFEKwNuKKPAUBG0ZAIQQbNo6imoKAtRFQCMHaiCvyFARsGAGFEGzYOIpqCgLWRkAhBGsjrshTELBhBBRCsGHjKKopCFgbAYUQrI24Ik9BwIYRUAjBho2jqKYgYG0EFEKwNuKKPAUBG0ZAIQQbNo6imoKAtRFQCMHaiCvyFARsGAGFEGzYOIpqCgLWRkAhBGsjrshTELBhBBRCsGHjKKopCFgbAYUQrI24Ik9BwIYRUAjBho2jqKYgYG0EFEKwNuKKPAUBG0ZAIQQbNo6imoKAtRFQCMHaiCvyFARsGAGFEGzYOIpqCgLWRuB/AEQBtcR0EHD0AAAAAElFTkSuQmCC",
+  "url": "https://github.com/hellracer/cs-haproxy-bouncer",
+  "description": "a minimalist bouncer for haproxy",
+  "stars": 6,
+  "downloads": 0,
+  "readme_content": "IyBDUy1IYXByb3h5LUJvdW5jZXIKCkEgbWluaW1hbGlzdCBjcm93ZHNlYyBib3VuY2VyIGZvciBoYXByb3h5CgojIyBJbnN0YWxsYXRpb24KCk9uIERlYmlhbiAvIFVidW50dQoKYGBgCmFwdC1nZXQgaW5zdGFsbCBsdWEtanNvbgpgYGAKIyMgVXNhZ2UKClRoaXMgaGFwcm94eSBleHRlbnNpb25zIHdpbGwgdHJpZ2dlciA0MDMgLSBGb3JiaWRkZW4gUmVzcG9uc2UgaWYgdGhlIHNvdXJjZSBJUCBpcyBiYW4gZnJvbSBjcm93ZHNlYyBsb2NhbCBhcGkKCiMjIENvbnRyaWJ1dGluZwoKMS4gRm9yayBpdCEKMi4gQ3JlYXRlIHlvdXIgZmVhdHVyZSBicmFuY2g6IGBnaXQgY2hlY2tvdXQgLWIgbXktbmV3LWZlYXR1cmVgCjMuIENvbW1pdCB5b3VyIGNoYW5nZXM6IGBnaXQgY29tbWl0IC1hbSAnQWRkIHNvbWUgZmVhdHVyZSdgCjQuIFB1c2ggdG8gdGhlIGJyYW5jaDogYGdpdCBwdXNoIG9yaWdpbiBteS1uZXctZmVhdHVyZWAKNS4gU3VibWl0IGEgcHVsbCByZXF1ZXN0IDpECgojIyBIaXN0b3J5CgpJbml0aWFsIFJlbGVhc2UKCiMjIENyZWRpdHMKCmFuZXppcm92aWMgQWRpcyBOZXppcm92aWMgLSBodHRwczovL2dpdGh1Yi5jb20vaGFwcm94eXRlY2gvaGFwcm94eS1sdWEtaHR0cAoKIyMgTGljZW5zZQoKICBBcGFjaGUgTGljZW5zZQogICAgICAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uIDIuMCwgSmFudWFyeSAyMDA0CiAgICAgICAgICAgICAgICAgICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy8KCiAgIFRFUk1TIEFORCBDT05ESVRJT05TIEZPUiBVU0UsIFJFUFJPRFVDVElPTiwgQU5EIERJU1RSSUJVVElPTgoKICAgMS4gRGVmaW5pdGlvbnMuCgogICAgICAiTGljZW5zZSIgc2hhbGwgbWVhbiB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgZm9yIHVzZSwgcmVwcm9kdWN0aW9uLAogICAgICBhbmQgZGlzdHJpYnV0aW9uIGFzIGRlZmluZWQgYnkgU2VjdGlvbnMgMSB0aHJvdWdoIDkgb2YgdGhpcyBkb2N1bWVudC4KCiAgICAgICJMaWNlbnNvciIgc2hhbGwgbWVhbiB0aGUgY29weXJpZ2h0IG93bmVyIG9yIGVudGl0eSBhdXRob3JpemVkIGJ5CiAgICAgIHRoZSBjb3B5cmlnaHQgb3duZXIgdGhhdCBpcyBncmFudGluZyB0aGUgTGljZW5zZS4KCiAgICAgICJMZWdhbCBFbnRpdHkiIHNoYWxsIG1lYW4gdGhlIHVuaW9uIG9mIHRoZSBhY3RpbmcgZW50aXR5IGFuZCBhbGwKICAgICAgb3RoZXIgZW50aXRpZXMgdGhhdCBjb250cm9sLCBhcmUgY29udHJvbGxlZCBieSwgb3IgYXJlIHVuZGVyIGNvbW1vbgogICAgICBjb250cm9sIHdpdGggdGhhdCBlbnRpdHkuIEZvciB0aGUgcHVycG9zZXMgb2YgdGhpcyBkZWZpbml0aW9uLAogICAgICAiY29udHJvbCIgbWVhbnMgKGkpIHRoZSBwb3dlciwgZGlyZWN0IG9yIGluZGlyZWN0LCB0byBjYXVzZSB0aGUKICAgICAgZGlyZWN0aW9uIG9yIG1hbmFnZW1lbnQgb2Ygc3VjaCBlbnRpdHksIHdoZXRoZXIgYnkgY29udHJhY3Qgb3IKICAgICAgb3RoZXJ3aXNlLCBvciAoaWkpIG93bmVyc2hpcCBvZiBmaWZ0eSBwZXJjZW50ICg1MCUpIG9yIG1vcmUgb2YgdGhlCiAgICAgIG91dHN0YW5kaW5nIHNoYXJlcywgb3IgKGlpaSkgYmVuZWZpY2lhbCBvd25lcnNoaXAgb2Ygc3VjaCBlbnRpdHkuCgogICAgICAiWW91IiAob3IgIllvdXIiKSBzaGFsbCBtZWFuIGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5CiAgICAgIGV4ZXJjaXNpbmcgcGVybWlzc2lvbnMgZ3JhbnRlZCBieSB0aGlzIExpY2Vuc2UuCgogICAgICAiU291cmNlIiBmb3JtIHNoYWxsIG1lYW4gdGhlIHByZWZlcnJlZCBmb3JtIGZvciBtYWtpbmcgbW9kaWZpY2F0aW9ucywKICAgICAgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0byBzb2Z0d2FyZSBzb3VyY2UgY29kZSwgZG9jdW1lbnRhdGlvbgogICAgICBzb3VyY2UsIGFuZCBjb25maWd1cmF0aW9uIGZpbGVzLgoKICAgICAgIk9iamVjdCIgZm9ybSBzaGFsbCBtZWFuIGFueSBmb3JtIHJlc3VsdGluZyBmcm9tIG1lY2hhbmljYWwKICAgICAgdHJhbnNmb3JtYXRpb24gb3IgdHJhbnNsYXRpb24gb2YgYSBTb3VyY2UgZm9ybSwgaW5jbHVkaW5nIGJ1dAogICAgICBub3QgbGltaXRlZCB0byBjb21waWxlZCBvYmplY3QgY29kZSwgZ2VuZXJhdGVkIGRvY3VtZW50YXRpb24sCiAgICAgIGFuZCBjb252ZXJzaW9ucyB0byBvdGhlciBtZWRpYSB0eXBlcy4KCiAgICAgICJXb3JrIiBzaGFsbCBtZWFuIHRoZSB3b3JrIG9mIGF1dGhvcnNoaXAsIHdoZXRoZXIgaW4gU291cmNlIG9yCiAgICAgIE9iamVjdCBmb3JtLCBtYWRlIGF2YWlsYWJsZSB1bmRlciB0aGUgTGljZW5zZSwgYXMgaW5kaWNhdGVkIGJ5IGEKICAgICAgY29weXJpZ2h0IG5vdGljZSB0aGF0IGlzIGluY2x1ZGVkIGluIG9yIGF0dGFjaGVkIHRvIHRoZSB3b3JrCiAgICAgIChhbiBleGFtcGxlIGlzIHByb3ZpZGVkIGluIHRoZSBBcHBlbmRpeCBiZWxvdykuCgogICAgICAiRGVyaXZhdGl2ZSBXb3JrcyIgc2hhbGwgbWVhbiBhbnkgd29yaywgd2hldGhlciBpbiBTb3VyY2Ugb3IgT2JqZWN0CiAgICAgIGZvcm0sIHRoYXQgaXMgYmFzZWQgb24gKG9yIGRlcml2ZWQgZnJvbSkgdGhlIFdvcmsgYW5kIGZvciB3aGljaCB0aGUKICAgICAgZWRpdG9yaWFsIHJldmlzaW9ucywgYW5ub3RhdGlvbnMsIGVsYWJvcmF0aW9ucywgb3Igb3RoZXIgbW9kaWZpY2F0aW9ucwogICAgICByZXByZXNlbnQsIGFzIGEgd2hvbGUsIGFuIG9yaWdpbmFsIHdvcmsgb2YgYXV0aG9yc2hpcC4gRm9yIHRoZSBwdXJwb3NlcwogICAgICBvZiB0aGlzIExpY2Vuc2UsIERlcml2YXRpdmUgV29ya3Mgc2hhbGwgbm90IGluY2x1ZGUgd29ya3MgdGhhdCByZW1haW4KICAgICAgc2VwYXJhYmxlIGZyb20sIG9yIG1lcmVseSBsaW5rIChvciBiaW5kIGJ5IG5hbWUpIHRvIHRoZSBpbnRlcmZhY2VzIG9mLAogICAgICB0aGUgV29yayBhbmQgRGVyaXZhdGl2ZSBXb3JrcyB0aGVyZW9mLgoKICAgICAgIkNvbnRyaWJ1dGlvbiIgc2hhbGwgbWVhbiBhbnkgd29yayBvZiBhdXRob3JzaGlwLCBpbmNsdWRpbmcKICAgICAgdGhlIG9yaWdpbmFsIHZlcnNpb24gb2YgdGhlIFdvcmsgYW5kIGFueSBtb2RpZmljYXRpb25zIG9yIGFkZGl0aW9ucwogICAgICB0byB0aGF0IFdvcmsgb3IgRGVyaXZhdGl2ZSBXb3JrcyB0aGVyZW9mLCB0aGF0IGlzIGludGVudGlvbmFsbHkKICAgICAgc3VibWl0dGVkIHRvIExpY2Vuc29yIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsgYnkgdGhlIGNvcHlyaWdodCBvd25lcgogICAgICBvciBieSBhbiBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eSBhdXRob3JpemVkIHRvIHN1Ym1pdCBvbiBiZWhhbGYgb2YKICAgICAgdGhlIGNvcHlyaWdodCBvd25lci4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sICJzdWJtaXR0ZWQiCiAgICAgIG1lYW5zIGFueSBmb3JtIG9mIGVsZWN0cm9uaWMsIHZlcmJhbCwgb3Igd3JpdHRlbiBjb21tdW5pY2F0aW9uIHNlbnQKICAgICAgdG8gdGhlIExpY2Vuc29yIG9yIGl0cyByZXByZXNlbnRhdGl2ZXMsIGluY2x1ZGluZyBidXQgbm90IGxpbWl0ZWQgdG8KICAgICAgY29tbXVuaWNhdGlvbiBvbiBlbGVjdHJvbmljIG1haWxpbmcgbGlzdHMsIHNvdXJjZSBjb2RlIGNvbnRyb2wgc3lzdGVtcywKICAgICAgYW5kIGlzc3VlIHRyYWNraW5nIHN5c3RlbXMgdGhhdCBhcmUgbWFuYWdlZCBieSwgb3Igb24gYmVoYWxmIG9mLCB0aGUKICAgICAgTGljZW5zb3IgZm9yIHRoZSBwdXJwb3NlIG9mIGRpc2N1c3NpbmcgYW5kIGltcHJvdmluZyB0aGUgV29yaywgYnV0CiAgICAgIGV4Y2x1ZGluZyBjb21tdW5pY2F0aW9uIHRoYXQgaXMgY29uc3BpY3VvdXNseSBtYXJrZWQgb3Igb3RoZXJ3aXNlCiAgICAgIGRlc2lnbmF0ZWQgaW4gd3JpdGluZyBieSB0aGUgY29weXJpZ2h0IG93bmVyIGFzICJOb3QgYSBDb250cmlidXRpb24uIgoKICAgICAgIkNvbnRyaWJ1dG9yIiBzaGFsbCBtZWFuIExpY2Vuc29yIGFuZCBhbnkgaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgb24gYmVoYWxmIG9mIHdob20gYSBDb250cmlidXRpb24gaGFzIGJlZW4gcmVjZWl2ZWQgYnkgTGljZW5zb3IgYW5kCiAgICAgIHN1YnNlcXVlbnRseSBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrLgoKICAgMi4gR3JhbnQgb2YgQ29weXJpZ2h0IExpY2Vuc2UuIFN1YmplY3QgdG8gdGhlIHRlcm1zIGFuZCBjb25kaXRpb25zIG9mCiAgICAgIHRoaXMgTGljZW5zZSwgZWFjaCBDb250cmlidXRvciBoZXJlYnkgZ3JhbnRzIHRvIFlvdSBhIHBlcnBldHVhbCwKICAgICAgd29ybGR3aWRlLCBub24tZXhjbHVzaXZlLCBuby1jaGFyZ2UsIHJveWFsdHktZnJlZSwgaXJyZXZvY2FibGUKICAgICAgY29weXJpZ2h0IGxpY2Vuc2UgdG8gcmVwcm9kdWNlLCBwcmVwYXJlIERlcml2YXRpdmUgV29ya3Mgb2YsCiAgICAgIHB1YmxpY2x5IGRpc3BsYXksIHB1YmxpY2x5IHBlcmZvcm0sIHN1YmxpY2Vuc2UsIGFuZCBkaXN0cmlidXRlIHRoZQogICAgICBXb3JrIGFuZCBzdWNoIERlcml2YXRpdmUgV29ya3MgaW4gU291cmNlIG9yIE9iamVjdCBmb3JtLgoKICAgMy4gR3JhbnQgb2YgUGF0ZW50IExpY2Vuc2UuIFN1YmplY3QgdG8gdGhlIHRlcm1zIGFuZCBjb25kaXRpb25zIG9mCiAgICAgIHRoaXMgTGljZW5zZSwgZWFjaCBDb250cmlidXRvciBoZXJlYnkgZ3JhbnRzIHRvIFlvdSBhIHBlcnBldHVhbCwKICAgICAgd29ybGR3aWRlLCBub24tZXhjbHVzaXZlLCBuby1jaGFyZ2UsIHJveWFsdHktZnJlZSwgaXJyZXZvY2FibGUKICAgICAgKGV4Y2VwdCBhcyBzdGF0ZWQgaW4gdGhpcyBzZWN0aW9uKSBwYXRlbnQgbGljZW5zZSB0byBtYWtlLCBoYXZlIG1hZGUsCiAgICAgIHVzZSwgb2ZmZXIgdG8gc2VsbCwgc2VsbCwgaW1wb3J0LCBhbmQgb3RoZXJ3aXNlIHRyYW5zZmVyIHRoZSBXb3JrLAogICAgICB3aGVyZSBzdWNoIGxpY2Vuc2UgYXBwbGllcyBvbmx5IHRvIHRob3NlIHBhdGVudCBjbGFpbXMgbGljZW5zYWJsZQogICAgICBieSBzdWNoIENvbnRyaWJ1dG9yIHRoYXQgYXJlIG5lY2Vzc2FyaWx5IGluZnJpbmdlZCBieSB0aGVpcgogICAgICBDb250cmlidXRpb24ocykgYWxvbmUgb3IgYnkgY29tYmluYXRpb24gb2YgdGhlaXIgQ29udHJpYnV0aW9uKHMpCiAgICAgIHdpdGggdGhlIFdvcmsgdG8gd2hpY2ggc3VjaCBDb250cmlidXRpb24ocykgd2FzIHN1Ym1pdHRlZC4gSWYgWW91CiAgICAgIGluc3RpdHV0ZSBwYXRlbnQgbGl0aWdhdGlvbiBhZ2FpbnN0IGFueSBlbnRpdHkgKGluY2x1ZGluZyBhCiAgICAgIGNyb3NzLWNsYWltIG9yIGNvdW50ZXJjbGFpbSBpbiBhIGxhd3N1aXQpIGFsbGVnaW5nIHRoYXQgdGhlIFdvcmsKICAgICAgb3IgYSBDb250cmlidXRpb24gaW5jb3Jwb3JhdGVkIHdpdGhpbiB0aGUgV29yayBjb25zdGl0dXRlcyBkaXJlY3QKICAgICAgb3IgY29udHJpYnV0b3J5IHBhdGVudCBpbmZyaW5nZW1lbnQsIHRoZW4gYW55IHBhdGVudCBsaWNlbnNlcwogICAgICBncmFudGVkIHRvIFlvdSB1bmRlciB0aGlzIExpY2Vuc2UgZm9yIHRoYXQgV29yayBzaGFsbCB0ZXJtaW5hdGUKICAgICAgYXMgb2YgdGhlIGRhdGUgc3VjaCBsaXRpZ2F0aW9uIGlzIGZpbGVkLgoKICAgNC4gUmVkaXN0cmlidXRpb24uIFlvdSBtYXkgcmVwcm9kdWNlIGFuZCBkaXN0cmlidXRlIGNvcGllcyBvZiB0aGUKICAgICAgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YgaW4gYW55IG1lZGl1bSwgd2l0aCBvciB3aXRob3V0CiAgICAgIG1vZGlmaWNhdGlvbnMsIGFuZCBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0sIHByb3ZpZGVkIHRoYXQgWW91CiAgICAgIG1lZXQgdGhlIGZvbGxvd2luZyBjb25kaXRpb25zOgoKICAgICAgKGEpIFlvdSBtdXN0IGdpdmUgYW55IG90aGVyIHJlY2lwaWVudHMgb2YgdGhlIFdvcmsgb3IKICAgICAgICAgIERlcml2YXRpdmUgV29ya3MgYSBjb3B5IG9mIHRoaXMgTGljZW5zZTsgYW5kCgogICAgICAoYikgWW91IG11c3QgY2F1c2UgYW55IG1vZGlmaWVkIGZpbGVzIHRvIGNhcnJ5IHByb21pbmVudCBub3RpY2VzCiAgICAgICAgICBzdGF0aW5nIHRoYXQgWW91IGNoYW5nZWQgdGhlIGZpbGVzOyBhbmQKCiAgICAgIChjKSBZb3UgbXVzdCByZXRhaW4sIGluIHRoZSBTb3VyY2UgZm9ybSBvZiBhbnkgRGVyaXZhdGl2ZSBXb3JrcwogICAgICAgICAgdGhhdCBZb3UgZGlzdHJpYnV0ZSwgYWxsIGNvcHlyaWdodCwgcGF0ZW50LCB0cmFkZW1hcmssIGFuZAogICAgICAgICAgYXR0cmlidXRpb24gbm90aWNlcyBmcm9tIHRoZSBTb3VyY2UgZm9ybSBvZiB0aGUgV29yaywKICAgICAgICAgIGV4Y2x1ZGluZyB0aG9zZSBub3RpY2VzIHRoYXQgZG8gbm90IHBlcnRhaW4gdG8gYW55IHBhcnQgb2YKICAgICAgICAgIHRoZSBEZXJpdmF0aXZlIFdvcmtzOyBhbmQKCiAgICAgIChkKSBJZiB0aGUgV29yayBpbmNsdWRlcyBhICJOT1RJQ0UiIHRleHQgZmlsZSBhcyBwYXJ0IG9mIGl0cwogICAgICAgICAgZGlzdHJpYnV0aW9uLCB0aGVuIGFueSBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUgbXVzdAogICAgICAgICAgaW5jbHVkZSBhIHJlYWRhYmxlIGNvcHkgb2YgdGhlIGF0dHJpYnV0aW9uIG5vdGljZXMgY29udGFpbmVkCiAgICAgICAgICB3aXRoaW4gc3VjaCBOT1RJQ0UgZmlsZSwgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QKICAgICAgICAgIHBlcnRhaW4gdG8gYW55IHBhcnQgb2YgdGhlIERlcml2YXRpdmUgV29ya3MsIGluIGF0IGxlYXN0IG9uZQogICAgICAgICAgb2YgdGhlIGZvbGxvd2luZyBwbGFjZXM6IHdpdGhpbiBhIE5PVElDRSB0ZXh0IGZpbGUgZGlzdHJpYnV0ZWQKICAgICAgICAgIGFzIHBhcnQgb2YgdGhlIERlcml2YXRpdmUgV29ya3M7IHdpdGhpbiB0aGUgU291cmNlIGZvcm0gb3IKICAgICAgICAgIGRvY3VtZW50YXRpb24sIGlmIHByb3ZpZGVkIGFsb25nIHdpdGggdGhlIERlcml2YXRpdmUgV29ya3M7IG9yLAogICAgICAgICAgd2l0aGluIGEgZGlzcGxheSBnZW5lcmF0ZWQgYnkgdGhlIERlcml2YXRpdmUgV29ya3MsIGlmIGFuZAogICAgICAgICAgd2hlcmV2ZXIgc3VjaCB0aGlyZC1wYXJ0eSBub3RpY2VzIG5vcm1hbGx5IGFwcGVhci4gVGhlIGNvbnRlbnRzCiAgICAgICAgICBvZiB0aGUgTk9USUNFIGZpbGUgYXJlIGZvciBpbmZvcm1hdGlvbmFsIHB1cnBvc2VzIG9ubHkgYW5kCiAgICAgICAgICBkbyBub3QgbW9kaWZ5IHRoZSBMaWNlbnNlLiBZb3UgbWF5IGFkZCBZb3VyIG93biBhdHRyaWJ1dGlvbgogICAgICAgICAgbm90aWNlcyB3aXRoaW4gRGVyaXZhdGl2ZSBXb3JrcyB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbG9uZ3NpZGUKICAgICAgICAgIG9yIGFzIGFuIGFkZGVuZHVtIHRvIHRoZSBOT1RJQ0UgdGV4dCBmcm9tIHRoZSBXb3JrLCBwcm92aWRlZAogICAgICAgICAgdGhhdCBzdWNoIGFkZGl0aW9uYWwgYXR0cmlidXRpb24gbm90aWNlcyBjYW5ub3QgYmUgY29uc3RydWVkCiAgICAgICAgICBhcyBtb2RpZnlpbmcgdGhlIExpY2Vuc2UuCgogICAgICBZb3UgbWF5IGFkZCBZb3VyIG93biBjb3B5cmlnaHQgc3RhdGVtZW50IHRvIFlvdXIgbW9kaWZpY2F0aW9ucyBhbmQKICAgICAgbWF5IHByb3ZpZGUgYWRkaXRpb25hbCBvciBkaWZmZXJlbnQgbGljZW5zZSB0ZXJtcyBhbmQgY29uZGl0aW9ucwogICAgICBmb3IgdXNlLCByZXByb2R1Y3Rpb24sIG9yIGRpc3RyaWJ1dGlvbiBvZiBZb3VyIG1vZGlmaWNhdGlvbnMsIG9yCiAgICAgIGZvciBhbnkgc3VjaCBEZXJpdmF0aXZlIFdvcmtzIGFzIGEgd2hvbGUsIHByb3ZpZGVkIFlvdXIgdXNlLAogICAgICByZXByb2R1Y3Rpb24sIGFuZCBkaXN0cmlidXRpb24gb2YgdGhlIFdvcmsgb3RoZXJ3aXNlIGNvbXBsaWVzIHdpdGgKICAgICAgdGhlIGNvbmRpdGlvbnMgc3RhdGVkIGluIHRoaXMgTGljZW5zZS4KCiAgIDUuIFN1Ym1pc3Npb24gb2YgQ29udHJpYnV0aW9ucy4gVW5sZXNzIFlvdSBleHBsaWNpdGx5IHN0YXRlIG90aGVyd2lzZSwKICAgICAgYW55IENvbnRyaWJ1dGlvbiBpbnRlbnRpb25hbGx5IHN1Ym1pdHRlZCBmb3IgaW5jbHVzaW9uIGluIHRoZSBXb3JrCiAgICAgIGJ5IFlvdSB0byB0aGUgTGljZW5zb3Igc2hhbGwgYmUgdW5kZXIgdGhlIHRlcm1zIGFuZCBjb25kaXRpb25zIG9mCiAgICAgIHRoaXMgTGljZW5zZSwgd2l0aG91dCBhbnkgYWRkaXRpb25hbCB0ZXJtcyBvciBjb25kaXRpb25zLgogICAgICBOb3R3aXRoc3RhbmRpbmcgdGhlIGFib3ZlLCBub3RoaW5nIGhlcmVpbiBzaGFsbCBzdXBlcnNlZGUgb3IgbW9kaWZ5CiAgICAgIHRoZSB0ZXJtcyBvZiBhbnkgc2VwYXJhdGUgbGljZW5zZSBhZ3JlZW1lbnQgeW91IG1heSBoYXZlIGV4ZWN1dGVkCiAgICAgIHdpdGggTGljZW5zb3IgcmVnYXJkaW5nIHN1Y2ggQ29udHJpYnV0aW9ucy4KCiAgIDYuIFRyYWRlbWFya3MuIFRoaXMgTGljZW5zZSBkb2VzIG5vdCBncmFudCBwZXJtaXNzaW9uIHRvIHVzZSB0aGUgdHJhZGUKICAgICAgbmFtZXMsIHRyYWRlbWFya3MsIHNlcnZpY2UgbWFya3MsIG9yIHByb2R1Y3QgbmFtZXMgb2YgdGhlIExpY2Vuc29yLAogICAgICBleGNlcHQgYXMgcmVxdWlyZWQgZm9yIHJlYXNvbmFibGUgYW5kIGN1c3RvbWFyeSB1c2UgaW4gZGVzY3JpYmluZyB0aGUKICAgICAgb3JpZ2luIG9mIHRoZSBXb3JrIGFuZCByZXByb2R1Y2luZyB0aGUgY29udGVudCBvZiB0aGUgTk9USUNFIGZpbGUuCgogICA3LiBEaXNjbGFpbWVyIG9mIFdhcnJhbnR5LiBVbmxlc3MgcmVxdWlyZWQgYnkgYXBwbGljYWJsZSBsYXcgb3IKICAgICAgYWdyZWVkIHRvIGluIHdyaXRpbmcsIExpY2Vuc29yIHByb3ZpZGVzIHRoZSBXb3JrIChhbmQgZWFjaAogICAgICBDb250cmlidXRvciBwcm92aWRlcyBpdHMgQ29udHJpYnV0aW9ucykgb24gYW4gIkFTIElTIiBCQVNJUywKICAgICAgV0lUSE9VVCBXQVJSQU5USUVTIE9SIENPTkRJVElPTlMgT0YgQU5ZIEtJTkQsIGVpdGhlciBleHByZXNzIG9yCiAgICAgIGltcGxpZWQsIGluY2x1ZGluZywgd2l0aG91dCBsaW1pdGF0aW9uLCBhbnkgd2FycmFudGllcyBvciBjb25kaXRpb25zCiAgICAgIG9mIFRJVExFLCBOT04tSU5GUklOR0VNRU5ULCBNRVJDSEFOVEFCSUxJVFksIG9yIEZJVE5FU1MgRk9SIEEKICAgICAgUEFSVElDVUxBUiBQVVJQT1NFLiBZb3UgYXJlIHNvbGVseSByZXNwb25zaWJsZSBmb3IgZGV0ZXJtaW5pbmcgdGhlCiAgICAgIGFwcHJvcHJpYXRlbmVzcyBvZiB1c2luZyBvciByZWRpc3RyaWJ1dGluZyB0aGUgV29yayBhbmQgYXNzdW1lIGFueQogICAgICByaXNrcyBhc3NvY2lhdGVkIHdpdGggWW91ciBleGVyY2lzZSBvZiBwZXJtaXNzaW9ucyB1bmRlciB0aGlzIExpY2Vuc2UuCgogICA4LiBMaW1pdGF0aW9uIG9mIExpYWJpbGl0eS4gSW4gbm8gZXZlbnQgYW5kIHVuZGVyIG5vIGxlZ2FsIHRoZW9yeSwKICAgICAgd2hldGhlciBpbiB0b3J0IChpbmNsdWRpbmcgbmVnbGlnZW5jZSksIGNvbnRyYWN0LCBvciBvdGhlcndpc2UsCiAgICAgIHVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyAoc3VjaCBhcyBkZWxpYmVyYXRlIGFuZCBncm9zc2x5CiAgICAgIG5lZ2xpZ2VudCBhY3RzKSBvciBhZ3JlZWQgdG8gaW4gd3JpdGluZywgc2hhbGwgYW55IENvbnRyaWJ1dG9yIGJlCiAgICAgIGxpYWJsZSB0byBZb3UgZm9yIGRhbWFnZXMsIGluY2x1ZGluZyBhbnkgZGlyZWN0LCBpbmRpcmVjdCwgc3BlY2lhbCwKICAgICAgaW5jaWRlbnRhbCwgb3IgY29uc2VxdWVudGlhbCBkYW1hZ2VzIG9mIGFueSBjaGFyYWN0ZXIgYXJpc2luZyBhcyBhCiAgICAgIHJlc3VsdCBvZiB0aGlzIExpY2Vuc2Ugb3Igb3V0IG9mIHRoZSB1c2Ugb3IgaW5hYmlsaXR5IHRvIHVzZSB0aGUKICAgICAgV29yayAoaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0byBkYW1hZ2VzIGZvciBsb3NzIG9mIGdvb2R3aWxsLAogICAgICB3b3JrIHN0b3BwYWdlLCBjb21wdXRlciBmYWlsdXJlIG9yIG1hbGZ1bmN0aW9uLCBvciBhbnkgYW5kIGFsbAogICAgICBvdGhlciBjb21tZXJjaWFsIGRhbWFnZXMgb3IgbG9zc2VzKSwgZXZlbiBpZiBzdWNoIENvbnRyaWJ1dG9yCiAgICAgIGhhcyBiZWVuIGFkdmlzZWQgb2YgdGhlIHBvc3NpYmlsaXR5IG9mIHN1Y2ggZGFtYWdlcy4KCiAgIDkuIEFjY2VwdGluZyBXYXJyYW50eSBvciBBZGRpdGlvbmFsIExpYWJpbGl0eS4gV2hpbGUgcmVkaXN0cmlidXRpbmcKICAgICAgdGhlIFdvcmsgb3IgRGVyaXZhdGl2ZSBXb3JrcyB0aGVyZW9mLCBZb3UgbWF5IGNob29zZSB0byBvZmZlciwKICAgICAgYW5kIGNoYXJnZSBhIGZlZSBmb3IsIGFjY2VwdGFuY2Ugb2Ygc3VwcG9ydCwgd2FycmFudHksIGluZGVtbml0eSwKICAgICAgb3Igb3RoZXIgbGlhYmlsaXR5IG9ibGlnYXRpb25zIGFuZC9vciByaWdodHMgY29uc2lzdGVudCB3aXRoIHRoaXMKICAgICAgTGljZW5zZS4gSG93ZXZlciwgaW4gYWNjZXB0aW5nIHN1Y2ggb2JsaWdhdGlvbnMsIFlvdSBtYXkgYWN0IG9ubHkKICAgICAgb24gWW91ciBvd24gYmVoYWxmIGFuZCBvbiBZb3VyIHNvbGUgcmVzcG9uc2liaWxpdHksIG5vdCBvbiBiZWhhbGYKICAgICAgb2YgYW55IG90aGVyIENvbnRyaWJ1dG9yLCBhbmQgb25seSBpZiBZb3UgYWdyZWUgdG8gaW5kZW1uaWZ5LAogICAgICBkZWZlbmQsIGFuZCBob2xkIGVhY2ggQ29udHJpYnV0b3IgaGFybWxlc3MgZm9yIGFueSBsaWFiaWxpdHkKICAgICAgaW5jdXJyZWQgYnksIG9yIGNsYWltcyBhc3NlcnRlZCBhZ2FpbnN0LCBzdWNoIENvbnRyaWJ1dG9yIGJ5IHJlYXNvbgogICAgICBvZiB5b3VyIGFjY2VwdGluZyBhbnkgc3VjaCB3YXJyYW50eSBvciBhZGRpdGlvbmFsIGxpYWJpbGl0eS4KCiAgIEVORCBPRiBURVJNUyBBTkQgQ09ORElUSU9OUwoKICAgQVBQRU5ESVg6IEhvdyB0byBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLgoKICAgICAgVG8gYXBwbHkgdGhlIEFwYWNoZSBMaWNlbnNlIHRvIHlvdXIgd29yaywgYXR0YWNoIHRoZSBmb2xsb3dpbmcKICAgICAgYm9pbGVycGxhdGUgbm90aWNlLCB3aXRoIHRoZSBmaWVsZHMgZW5jbG9zZWQgYnkgYnJhY2tldHMgIltdIgogICAgICByZXBsYWNlZCB3aXRoIHlvdXIgb3duIGlkZW50aWZ5aW5nIGluZm9ybWF0aW9uLiAoRG9uJ3QgaW5jbHVkZQogICAgICB0aGUgYnJhY2tldHMhKSAgVGhlIHRleHQgc2hvdWxkIGJlIGVuY2xvc2VkIGluIHRoZSBhcHByb3ByaWF0ZQogICAgICBjb21tZW50IHN5bnRheCBmb3IgdGhlIGZpbGUgZm9ybWF0LiBXZSBhbHNvIHJlY29tbWVuZCB0aGF0IGEKICAgICAgZmlsZSBvciBjbGFzcyBuYW1lIGFuZCBkZXNjcmlwdGlvbiBvZiBwdXJwb3NlIGJlIGluY2x1ZGVkIG9uIHRoZQogICAgICBzYW1lICJwcmludGVkIHBhZ2UiIGFzIHRoZSBjb3B5cmlnaHQgbm90aWNlIGZvciBlYXNpZXIKICAgICAgaWRlbnRpZmljYXRpb24gd2l0aGluIHRoaXJkLXBhcnR5IGFyY2hpdmVzLgoKICAgQ29weXJpZ2h0IFt5eXl5XSBbbmFtZSBvZiBjb3B5cmlnaHQgb3duZXJdCgogICBMaWNlbnNlZCB1bmRlciB0aGUgQXBhY2hlIExpY2Vuc2UsIFZlcnNpb24gMi4wICh0aGUgIkxpY2Vuc2UiKTsKICAgeW91IG1heSBub3QgdXNlIHRoaXMgZmlsZSBleGNlcHQgaW4gY29tcGxpYW5jZSB3aXRoIHRoZSBMaWNlbnNlLgogICBZb3UgbWF5IG9idGFpbiBhIGNvcHkgb2YgdGhlIExpY2Vuc2UgYXQKCiAgICAgICBodHRwOi8vd3d3LmFwYWNoZS5vcmcvbGljZW5zZXMvTElDRU5TRS0yLjAKCiAgIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvciBhZ3JlZWQgdG8gaW4gd3JpdGluZywgc29mdHdhcmUKICAgZGlzdHJpYnV0ZWQgdW5kZXIgdGhlIExpY2Vuc2UgaXMgZGlzdHJpYnV0ZWQgb24gYW4gIkFTIElTIiBCQVNJUywKICAgV0lUSE9VVCBXQVJSQU5USUVTIE9SIENPTkRJVElPTlMgT0YgQU5ZIEtJTkQsIGVpdGhlciBleHByZXNzIG9yIGltcGxpZWQuCiAgIFNlZSB0aGUgTGljZW5zZSBmb3IgdGhlIHNwZWNpZmljIGxhbmd1YWdlIGdvdmVybmluZyBwZXJtaXNzaW9ucyBhbmQKICAgbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuCg==",
+  "version": "v1.0",
+  "download_url": "https://github.com/hellracer/cs-haproxy-bouncer/releases/tag/v1.0",
+  "asset_url": "https://api.github.com/repos/hellracer/cs-haproxy-bouncer/zipball/v1.0",
+  "status": "stable"
+ }
+]
\ No newline at end of file

diff --git a/blockers/list.json b/blockers/list.json
new file mode 100644 (file)
index 0000000..1050b06
--- /dev/null
+++ b/blockers/list.json
@@ -0,0 +1,36 @@
+[
+    {
+        "name": "cs-nginx-bouncer",
+        "author": "crowdsecurity",
+        "logo": "iVBORw0KGgoAAAANSUhEUgAAAGAAAABgCAYAAADimHc4AAAABmJLR0QA/wD/AP+gvaeTAAAJIElEQVR4nO2de3BU1R3HP+fukheQlJdVIAgiFKUIhSoEeeRBEqzN0KGBsRaTEHBaa4UAikAgBAkglPJsxzIdSAhFrGGYKaIhYReiVR61EEWLBErBgoISsLwSILv39A+GsToE9t69zzSff3N+5/fd882es7vn3N+BZppppplmmnEhhYWFSmFhoWK3jnAQdgvQS2rpY8NVVV0BRAhFTPVlba+wW5MeXGdA2rq0eNUjFkjJOL6pf5tQg5N9ub5/2aVND64xIK00raUaVF6QQr4IRDXS7DrIP0R4PXPKx5VftFKfXpxvgESMWJ/+lISXgXtCjKpFUNQ2OvZ3ZWPLgmbKCxdHG5C8Pv0RIVkBJOjs4oBETtmZU/mOkbqMxJEGJP7psc7eoLrwFvO8XrZ5FDmpMqvyuAF9GYqjDMhYkxFTH9EwXQp1Oohog7t35PrgsVsAABKR3HXkmIA3uBXBKBAtTMjiATEwqMrs7j/pfjmr31PVVVVV0oQ8mrD9HZBSPPJhFLkCyWAr8wrYjyLyfFnb37Uy7y102EPy+h93UmhYZOA8r5dtQSmeqxq//YQdyS1/4RlrMmKuRF1/TkhmA62szn9rZL2QYlW9GrngvQlbL1mZ2bo14OY83yL4FyHJBCIsy31HRAsEQ7xK0PL1wZJ3QGpp6g+DqmeFQD5qRb7wEX9XCebtytnxnumZzOw8dW1qR9XjmQtyIuC2Xy2lEGxWGzwv7Jz41qdmJTHFgITXx0RH11+cJCT5QGszclhInZCsDrS8VlQ1tuqy0Z0bbkBycVqGEGIV0NXovu1FfiYQs3zZFRsQGLY+GGZAUknaAAWxHBhqVJ8O5X2pyryduZW7jegsbAPSN6TfEwiKQpATcMo3a/ORQrAZEXzel+X7dzgd6TZgzOtjIs7XX3wGyUtAbDgiXEydkOI3V1q2XrxnbFm9ng50GXBjnldWgLxPT3wT5JSAfD3rgyYDktel9xcKy4FhmuT9nyAk+0DJ840v3xtyTKgNU9anr0WSQ5if5wfHJ5DZezQ92/UgyhtFXUMdJy+c4oMzH/JGzTbOXP4inO516QCoqT3C5kNb2HMy5LFrDBVBiT+7YkIojUM3oCQ97I9eEwfk8sT3xzb694AaoKS6lD9/XIY07pOeJh2vfvQa6w6UhJ3Dn1MR0tha9u10cHzCbQcfwKt4mTggl18P/JVtOp7s8wSDOg80Lf+3scyAzN6jQ247qlcGWX3H2aZDi9ZwscyAHu3u19Q+q984RvXKsEVHz3Y9Dc/bGJYZEO3VvsX77CPPMKSLsRtloeiIaWH0dnTjOPoXSkUozBw2g9539bZbimk42gCASE8E85PnEh8Xb7cUU3C8AQCxkbEsSVtEh5j2dksxHFcYANAhpj0LRxTRKsIh28gG4RoDALq16Uph0hxaeMw4NmQPrjIAoN/dfZn+6DSEsP1IkyG4zgCApG6JPD0gpJ9aHI8rDQAY2zuTnz5o3TdWs3CtAQC/fPhpUrun2C0jLFxtgEAwbfAUBnTsb7cU3TjOgI+//Iem9l7FS8HwfO5r080kRebiOAPy/QUc/+qEppiWES1ZNKKI77a6yxxRJuI4A65cv8Is32zOXjmrKa5dTDuWpC4iLirOJGXm4DgDAM7W1TLTN4fL17UdROsU24milHlEeRt7iNJ5ONIAgBP/OcHcXS/REGzQFPdA+17MHj4Tj3DHESXHGgDw4ZmDLH53KVJq2x8e1HkgkwY9a5IqY3G0AQBVJ95m9b7fa457vOeP+PlDPzNBkbE43gCArTXb2Hxoi+a4nB9kMbJHugmKjMMVBgCsef+P7Djm1xQjEExNmMzgeL3PeZuPawyQSH67ezn7Pz+gKU4RCvnDZvBghwdMUhYerjEAbhzcmldVxD/PH9MUF+mNZH7KPOLjOpukTD+uMgCgrqGOfH8BX1z+UlNcXGQsC1Lmm6RKP64zAOBc3TmmV87gwtULmuI6tg612Ip1uNIAgM8ufU6+v4Crgat2SwkL1xoAcLi2hqK3FxGUji4JdFtcbQDA3lP7WLVX+xc1p+B6AwDePPIWGw9usluGLpqEAQAl1aVsP+q+wolNxgCJZNmelew+ucduKZpoMgYAqFJlwTsvc+jsJ3ZLCZkmZQDAtcA15vjncvLCKbulhESTMwDgwrWLzPLP4Xz9V3ZLuSNN0gCA05dOM9tfQH1A1/PTlmGZAaEMRF1DnaE5j5w7SsHOeQTUgKY4o3XcDssMOFJ79I5tamqPGJ63+vQHLNu9UtNjr2boaAzLDAhlR0vPrlcoVB7bQUl1acjtzdJxKywzYM/Jvbz60WuN/n3jwU3sO/U30/JvPLiJlXtX33EqNFvHt7H0SXm4cWIhs/dovtf+xqOgh8/WsPnQFstedNvoNiR1S2JIl8F0iYsnLiqO+kC94TpCfVJeS62Il5DyeRNKCjcxZD1CLPVnVxSE0lpbtRTnFFt1KpqLhOsaRLvKDTsVAfulZIp/fMVfdcTqRCKSS0ZmCiGXAl109+NuTgtkYZuYuLV6L4oIexoxueS8UzGsFL5h87gJly44FUMvCzJ8oJJK0wYqKitADDK6b5uplsg8o69DMec/9euLdxYDd5uSwzpMvRDI1KkixKunnEoDyFfMvvLEkrn6NpevOZVtEiVvZ065tjOQOrB0MEYUj0yUQi4H+lmZVwOfCEVMsfJaREs3ZHzjt1cNPZEwQEA2YE19ytA4hyCvbUxsH6vvpLRtOnDI+tAA8hVxTS3w/cKn7aCpQdg+HyduSL/fq7JQSsZYnNqHqkz255YfsjjvN7DdgJukrE9PApYj6WtmHgmHEXLqzuzKcjPzhIpjNuX92RW7hh5P6G/i+nAeQZ5677U+Thl8cNA74H9JLE78jpfIGVKQB0SG2V0DiOJgRIv8qiffqDVCn5E40oCbpBan9pCKsiCM9cGnQt6unAptFUAsxNEG3CS1ZGSKilwGPBRSgKBGSKb5cireNFdZ+LjCAIDEXYle76cRuRIxH2isLMp5KVjSLjp2ednYsutW6tOLawy4yZCNj7eJuh54UQqm8PVtfAEQ6yJUMbs8t1xbmRWbcZ0BN0krTusVFGIZgEfKqZXjKw/bramZZppppplmtPBfF3sPBXFW2BYAAAAASUVORK5CYII="
+    },{
+        "name": "cs-wordpress-bouncer",
+        "author": "crowdsecurity",
+        "logo": "iVBORw0KGgoAAAANSUhEUgAAAGAAAABgCAYAAADimHc4AAAABmJLR0QA/wD/AP+gvaeTAAAYRklEQVR4nO1dd3hUVdr/TabX9N4IJCGYkJAECF2T0KSoGLDifrqAfDYQRNT1cZfdz3VXmiiK4u6KIr0LCkozVCEBAmlASMiENNInkymZ/v2RZJhzp9w7KeDzbH5/zT33zHvOPe8973nbORfoRz/60Y9+9KMf/ehHP/rx3wbWg+6AKyQv/yEkKlA802gyjVS1G+Nb1LqINq1BqjOYuEqtgaPVGz0AQMjjmGVCrpHPZRukQm6bj4hfIRZyijlsdk55nfpQ3srHax70szjD74oBics2i2OCQxYqtfpZ5fVtSbfrlVKLpWc0WSxgUKCsbYC/9JpUyN2bU9WyseqTp7S90+Oe43fBgNlrjs9QqHXvXpY3jlKo9ey+bEsq5JqTInyuS4Xc1Yffm/odwOohi3uGB8aAAS9uEiQlhK7Ou904r7JJLXgQfQj3lWiTB/j8u6jS9Hbp+mm6B9GH+86AxGWbxQMCAjdcLG14tr5Vy3VVl+3BQlKkL4YN8EFMsCcGB3shKkAKqZALLxEPYj4HAKDWGaHQ6NGmNeB2vRIlta0oqWnFVXkTrlU0w0wjxwI9hYYRMQFbatS61y+vmKnpvaelx31lwKw1xxddKq1fWdWs5jurE+Itwuy0KGQMDcGEuGB4iXk9arNFrcOp4rs4WViNvRflqFU4H99wX4lubFzAu9sXZa7rUaNu4L4wIGvtyfiqJuWhnNKGKEf3BVw2stKi8MKEGGQmhIDt0TfdMpktOJpfha1nSrE3Rw6dweSwXlq0f1mwn3jm/iWTrvdJR2zQ5wyYtebo0uyi2lUKtd6Dek/M52Be+mC8/VgiQn3Efd0VAvVKLTYcvY51PxVAqTXY3ZcKueb0hJAPflg2+aO+7EefMSD6jcP8CH/LL9nFNQ9TRTCH7YFFU+Px3hPD4Ct1Ko0AADUtGlyr6JDlV+VNkDe0oVWjh0KtR6tGD5PZAomAC5mQCz+ZADFBnogOkiEp0gfj4oIQ6Cl0Sb9B2Y6/78vDhmPXYTSZiXssFjAtOfw3k9CcfmRR3yzSfcKAaSt/CrpT315QVNnsR703Li4IX/xxDIZG+Dj9/5XyRvyQW4H9uXIUVrb0qC9xIV6YlhyOp0YPxMhof6f1rsqb8Po353G+pM7uXmKkT0Okp+fQg+9PtL/ZQ/Q6A2asPBpzo6rlSlmdUmJbzueysfL5kXh9SjxYDlrV6IzYdKoEnx4uROldZW93CwAwKFCGVyYPwfyMOMiE9gqYxQKsO1KI97blQG8kZ0N0oEyVEuubuvP1iSW92adeZcAz606mnb1x93R1i5pQXQYFyrBjcQZSB9pNCLRq9Fj7YwG+PHYdjW3tvdkdp5AJuXh18kN45/EkeIrstayc0gY88+lJyBvaiPIwH7F+/JDA8dsWZeb0Vl96jQFz1p0c/NuNu/nUwc+ID8HetybaPajFAmw9W4rlWy/iruLBeAb8ZQL8dU4qFmTG2WleLWodnlxzHKeKa4nyMB+x/uGhQYlbXs242Rt96BUGPPrRYf+yelXZrdpWqW35EyMisW1RBgRc0rtw624rXv76rN3DPSiMHRyI7157BAMDiO5DZzDhD19kY/eFcqJ8UKBUHRsmjT68fPrdnrbdYwZEv3GYL+JrqwooC+689MH4asE4uzfrh0sVeHHDKbRq9D1tulchEXDx+R/H4A8TYohyk9mCl78+g03ZpOhPjPCpN4pN4UUrnurRg9jp5u5iQIDlGHXwnxgRaTf4JrMF7+/IxZNrjv3uBh8AVO0GvLjhFN7dlkO4LtgeLPxr4XjMGUXakPl3mgNCOZIjPW23RwyY88nxpSeLasbblqXHB2P7ogxi8I0mM/7wRTb+ceAaeupe7isIuGzMGRWFAE8hbtWSWpgHi4XvX0/HpKGhRPnxwuqM2Z8cX96TdrstgrLWnow/UVCZ36q5Z+FGB8mQ+9ETxIJrNJkx9/Ns7Prtdk/62aeYmRqBL+aNRRiNNa5Q65H63n6U19/TjrwlPHP6kKD4vcum3OhO292eAVVNykO2g8/nsrFjcQYx+GaLBc+v//V3Pfj/83AMDiybTDv4AOAl5mHnm5ngce4NW4tK71GjaD/Y3fa7xYCstccXUx1rq19IQ0oUqef/bc8VOw3i94ToIBm+mj/OoWHoDMMH+uHj50cSZRdu1cc8ve7kq93pg9sMSFy2WZxzq/5j27IJQ4Lw6qSHiHo/XKrAh/uudqdP9w1vTksAn+t+AG7R1ASMHRxIlF0oqVszesku144nB+C4+4fIwKAvCy5VWD1oHLYHPntpDPEWmS0W5JTWY/Gj8eBx2JCJeGB7sOAl5oHL9oC3mA8vMQ9SARc/X6vCBzsvEW2MiQ3EB1nJMFssUKj1UGj0UGr10BnM0OqMUOsMVlcBiwV4ifjgcjwgFnAg4LLhJeqgL+ZzcKKgBh8fvObwWcYODnL38a1tfjl/HFLf3Q9DpwPvTpNKkDQ8cj2A+W7RcqfygBc3CbQ8rtI2krVsxlCsnJvmDhkCJrMFgrnfwGS+px7tWpKJ2WkOQwduw2gyQzB3k8Oo2LWVT7p0CtJh6eYLWHe40Hod7CXSi3jeMnfCm26JoKT4sDW2gy8RcLH88SR3SADocEM0KNtRXKXABzsvEYMPAJtP3cKNGgU0OqPbtLugN5pR3azG6h8LnIYky+raHJYzxfuzkiER3HPq1So0vIRIzscu/mIHN0SQhZVXvv2PtiWvTh4CP6l78fQFG8/g21MldoNuix+v3MGPV+4A6GDyAH8Jcj56ws6l4QhvfHMeW8+VQqGmN/ZOFFTjiRGRzDuPDvdE17rhK+Vj4cQ4rPmxwHo/r7zpZcCyhGm2BeMZ8NjHR5+zzV4QcNlYPC2Bec87kTk0xOXgU6FqN6CwsgU/dTKEDiNjAhgNPgBsO1cGrd69WbYvR05cvzUjEULevff4TqNKOHvtiaeZ0mPMAKXWsMz2+ukxAxHsJWL6dytmpkZCxHd77ce2s2WM6j0xPJLRTAE6PJ7rfy52qx/fn74FtY1oDPIS4smRA4g6zar2ZWAIRgwIW7JLmFfRmGhbNnc86bT6/kyp0yC3LcR8DqYmhTHtnxWHr1aiWUW/tkmFXExOZE7/nz9cdSsOYTJb8M2vpCd67vho4vrS7cbkkJc3Mno7GTEgLcznFaXGYK0b7itGenwwUWfNoXyr3KbD7FHuazg6gwl7LjIz6tyhr1Dr8e429+IrG46Ss2bi0FCEeN8b7zatwWNU7MB5TGgxYoBSq59lez1n1EB42Cj+uWUNyL/TjC1nSpmQw4yUCEJuMsVWhvQfc0MMAcCm7BKcvcHMta/SGXCzphUFd5qtZWwPlp3arNIZspjQY8SA8vo2QtfMSAgh7u/pdDccuVrJaDpLBFw8Osx9MXT25l27MKEjyIRcTHFDzFkswBubzttlRThCi6pjgd9LmY3plDGR17clM2mblgGj3z8UerteaQ0VcdgeGBdHWpDHCqoBdOjeOxk63rojhiyWDs2lL+hfq2jG1ydcOzRNZgvKO1+AvRflxL2HhwQTLviyujbZiLd/ojW1aRkQ7COcYWvHpEb5ERkF9UotrlU0Wa+3nGYmJmamRlpzO90BYzGUGum2mPvrnisOk7S6UNGosioaRVUtqGu9F8v2EvMIZ6TZYkFoAGc6XZu0DDCYzYSfISmSNN3P3qgjgiwXS+txs6aVjizEfI5bYqIL16sVuFLeSFtPKuRiSlIobT1bNCjb8dUx59mIV+VNxPW1imbiOpHi1rCwWKPo2qRlgKbdEG97HRviSdwvrrJPnNp6ltlb2h0xBDC3CWaPGug27e9OOU/7yS4iN9rkyckXgTo2aq2RGDtHoGVAs0oXTjQSTDZyo1ph958tZ0oZhR67qw1tP1fGyJqemRLhljYEdMywPMqb3oVsShbH1XKy3mAKA5pV7bR+DloGKDV6IlcjipK6UVJrL27kDW04fZ0+5aS72lCtQoMThfTbvqRCLqZ2g/65m/YZiBWNKhRRZntlk5q4jvInx0apNZAFDkDLAK3eROTwUROsnFmnfS+GmNGf0w0xVOFA1d12tsxuVreoyWenjo1Wb3S5AQVgsgbojYSMkApImm3tjrWG3RfKGTm6uiuGDuTKaXe+dJe+2oEbfOd5+3WH6vSTUvJNNXoTbcP0DNAZiTpU1bHNidrWqtHj4GV614REwMW05HDaelQkhPsQ1rgzSIVct31PnkLyTS6sbEH+nWa7etQZQH05NToj7QLU48QsV4vhltO3GNHojhhy5z9zRrtH309Gxjgcvf2A62dnCloGiPgcwj6nTk8BzzmTf8mvZpR4OzMlwi2jjMWCnQvYJX03jb74cG/i2pl1L6Q8O1Uci/gcWvcwPQN4HGLEqY3IhM430RlNZuz8jV5nF/E5mDqMuRgaHROICD+JtQ06uGv02RqbuWUNTvcrUJ+dakWLeGzaRZDJDCCoUvM6Q31cu72Zeki7K1L+tjevV+lHBUiJQNMOF74n6r42JWVshDyOc79GJ2gZIBVyCZ3MNi0PAG1G2eXbjXb6syNMTw5nFCljsYCsTtevUmvA6kP5di4BR5iREsGIvu2CbbZYXCaWRfiRz15OUV9llLFzBFoG+Ir5hCpD9fPEh5Hy0hGYOOg6jDJ6MTQ6JtDK9AO5crQbTNhyhn6xZ0p/io3hdvZGHaqa1U7rplB2/NyoJsfGV8KX07VHL4IEnCLba6rlOzSSPq9m69lSRjo7EzFhW2fn+Y7FcdtZZq4JOvpeYh4RztzhRPvpwvCB5Ka/klrSLSPkcwpBA1oGcNhsIl5n63oGOrLY6FDVrLbzozgCnTZkq/00trXjeGccolahsf7uCf2skVFW35HRZMY+is+f2pdUSi5sPkUUerBAG+ukZUBFU+tBW4PnSnkTsRCHeIsQF+JFRwbfM7AJ6LQhW+1nX47cmhboDn1XYujZcYOsv48X1qBe6VyFHhLqRRyjoFDrCSeeB4uF0qr2H+n6RMuAyx9l1Q4MlFoXE6PJjDOU+CkTS3ZfjtyhiU+FKzFBih9SPBy4VOHUKmdC30fCxwSbSJ8z48tKhxIDzi6uJcTgoCBZa+Gnj9PuK2ZkCUf5SYg05xMFpCeSiexu0xpwIFdOW8+ZmLAVP7UKDU5fJ18Cjc5olzTlCDOc0J+WHA4Ou2M42g0mHMitcEnnqdGDiOuThaQIjPKTMNKPGTFAIuLts73ec7Gc4HZadABigjzt/kcFE5vAmRiyFT+7frvtcNFlKoYczdjpKRHW30euVrrcx5Y8wBcPhd0TuyazxS5GLBJy9tB2BgwZkFPVslEm4loFbnWzGidtokMsFrBwUhwtneMF1ahpoT+Ox9GMsi1ztuMmu7jWzkfvmD7pouayPTDFRvvp0q6c4QXKTspjBdXEMTieIp45r6D6P7QdAUMGVH3ylDZ5gC+RZE91tL30SKzD7f+2MJkt2M4gq4FqNLFY9xggb2jDhVv1Dv9ntlgYxSGmJ4cTYmh8XJB1QVW1G1wmmAXIhFiQSb5s1LFIifK7LP/2JUbpdoy9oVIhf5Xt9e4L5cTb7C3mY9Gj9Mm6rmKuXRBTtJUxsfeMrx3nb7sMdzIxykR8DiFyZqTe+30gt8JlWvyyxxIJ5t1VaLGfsl54irmrqP9zBsYMOLR80o5wX4lVL2s3mLDupwKizpLpCbTp6oWVLYxcB7YiJyuNXvx0obhKgcu36bMmbOnPsGGGK/oBMiFemTSEKFt9KJ8IPEX4SbT735rESP4DbsUDWJbkgb7f2JZ8eew6GpT3Zpq3mI8PnxlOS4nJW9olhmx9Pzc7z4Gjp08vhqYN6xBDQ0K9EB0kA9ARXj2aX+X0Px8+M5x4+5vadHbJXMkD/Da6cxKjWwGZH07ceCvQU2hVttU6I/55gNyINz9jsN0GNiqYuA7EfA6mDQvH6JhAhPt2iR9m6Sjbz5XRuqlFfA5mpEQQb/++HLndMTVdeHRYOOalDybK/m/vFahs3PPBXiL9LXXLO4w62Qn3ImJHFulGxvhvsy1a/0sxIVI8WCxsfu0Ru/ioLZhmNcweFUW4npnuN65XavFLPr1rYvaoKMy0kf/OXM9eYh6+WkBuZy2404wNlCSu4YP8vnX37Ai3Q5LVav2rYT5iq9wxmsx4/ZtzxMIYFSDFl/PHuaTDRGefnhJhtTivyptw3UEOkjMwCYdOSw7H6E5f1l2FFqccpNKwWMCGeWOtsxDo0Lb+999niVkW4SfR5hfXLGbcwU64zYDLK2Zq0mL9ifMRzt2sw2c/k46/58YOwtLpQ53SOZArp3UdiPkca9DD3d32By/foT0URMjjWBNqd19wbNz9OSsFz4whrd51hwvxWwmpCqfFBixlqnraoltB+T1LJq1Pi/Yn5uvyLTl2nVo5dySeGu04L0fN0HUAdGRF76AxjqjQ6o2MN3QAjteXeemD8ZfZKURZblkD/rQ9lygbExtQsmtx5ldudbAT3c6KCPYTz/QS86xz0GAyY+7nvxK5Mh4sFr579WGnzjom2hDQkfDLZF+APX1m4dCKRpWdcTcjJQJfzh9LlLWodXh63UliofYW800hvtLH3O5cJ7rNgP1LJl3PHBr2lu3CVF7fhllrjqHdZq8Yn8vGvrcmOdx4/WsRM9cBnWvAGU5fr2XEuJ0U4+6lR2Kx962JVucc0GH3zFp9jKDHYgGZicHv7X6z+8eX9SgvaM+SzHWZ8aGnbMtOFdfimXUniQWKx/HAzjcz8WfKdDZbLNh2zvVbarZY3BIltug4l45edd1u04d3HkvCvxdOANdm8E1mC174PNvOAzspIez47jcnMbZ6HaHHiVk1JtXkxEifBtuyg5crsPBfZ4lFjcUCVsxOsVNR6bSh09fvotpFXJYOdGLuRo0C1yqa4SXmYesb6fjHcyMIddNktmDBxjN2W5KSIn3rGu/cmdbtjnWixwwoWvGUPiLA56HYYE9irm/KLsHstcft8kPnjo/G5X/MsoYy6VwHdIEROtysacXFUsfOO6BjcZ+SFIb8VVl4diyp7egMJjz32Ul8S/FfDQqUqSI8ZUmXv15IHwGiQa98LKHk6HeaR55dsEepNr7cpjVYbfWbNa04f7MOjw8fQGTQ+Uj4ePGRWAR7i3HhVh0AlsM0coPJjPkbz0Dj5m52KgQctlNFwGLpOPPBUdb3zJW/4MhV0jUR5iPWjRgUlLT/nczKHnWqEz2eAV3Yu3jyrQlDAieE+YgJ5Tu7uBap7+1HbhkhpeDBYmHhxDiUfvo0BgZKHXo4TxTW9Mphrjt/u+3UxZAeH2x3YNPF0nqkvrvfTuaH+Yh1YwYHjN+9NJ2ZesUAvfq5kIIjm6sfeW7BDrMJLzWrdNYzhRRqPTafvgWJgIu06ADigQVctl1ZF/6+P4+R55QOGr0RKVF+iAt1nTxgtliw9qdCzF2fjWZK5nNssKdqVEzwsB1vZhQ4+Xu30GszoAsHl04tTQjziqYuzHqjGUs3X8D4vxxiNKgWi+PdN+4iPswb7z6ehJhgmct6efImjPvzIby95SKRbQF0LLixYf5R2xY/zMxwcQN9dnx9/IpdvBC2+MiJopoMR8fXvzb5Ibz/5DDa+EFdqxbnS+pwraIZxZUtqGpWo7JJDY3OiFaNHh4eLEgFXEiFXIR4ixAVIEV0oAzDB/kjLcYfATL64+s/3JeHDUeL7VwRLBYwLSniVG25fFJvLLiO0OcfcHjusxOvHMuvWd/Y1m4n7h70Bxw++bEQ638pchgB85HwzZMTw97evjhjbV/24/58wmT1L3E1Le2HLpTWRzu63/UJk+fHR2PS0NAH/gmT0bEBJaG+0sd6YuEyxX39iE/WmmOv5JY1rHX12apgLxGy0gYgIyEUDz8UBG+x6y9s0KFZpcOp67U4WVCDvTnlLjeMRPpJ2sc9FPT2ltfSP+9Ro27gvn/GKnXFIVGoiLc+t7Rh7t1WrctPJDn6jNXAQCkkAi68xTzreW2qdgNa1N3/jFWwl0g/PNrvu/yimkXdcSn3BA/sQ27RbxzmJ0RyV1253Ti/sknl9nmbvYEIP4k2Ocr36wMXFcuxu2enoHcXv4tPGT656th0pVb/3hV506gWte6+fMpQLOCu+vlPUzf/137K0BHCluwSjgjzWaDS6J+UN7Yl365rkzHZV+AKHiwWBgVKlZH+0isSIWdPXkH1f+63mHGF3xUDqIh/e1dQdKDXDABpKo0+vkWtj2xrN0i1OiNXpTNyu/Ywi/gcs4TPMQj5HINUwG3zkQgqxAJ2IZvFyimp1B5ikqXcj370ox/96Ec/+tGPfvSjH/cL/w/RdOpfEcCqbwAAAABJRU5ErkJggg=="
+    },
+    {
+        "name": "cs-firewall-bouncer",
+        "author": "crowdsecurity",
+        "logo": "iVBORw0KGgoAAAANSUhEUgAAAGAAAABgCAYAAADimHc4AAAABmJLR0QA/wD/AP+gvaeTAAAO10lEQVR4nO2deXRUVZ7HP/fVmlRCErJvQkhCEkJCQgFhTQBlCaI20CAgyKBGzWjPONMObqg96sHpFnV6tM/x2GL3uHGOM+fQC3bjQhM2lQ4DjRA3BLUhUAkkgYQkVamqd+ePkJCQKrLUq0p5Tn3+eq/evb/7e+/73l1/7xWECBEiRIgQIUKECBEiRIgQIUIEDDHcDviC1Wo1NBGWrFcceqeitH574EDdcPs0WH5wAoyxzrxOrzrvRIhyYCKg63G4ScBfpGTL14c/3QHI4fFy4PxgBBhrtcahGjYjWA0YBpDlC6R8NiUqbGtVVZXL3/4NlR+EADnWkjlSFVsRJA4h+z5VGpZ+c3jvOc0d04CgFyBn0owcqboPAFE+mDlqcJin19RUXdLKL61QhtuB/pBu9xZ8u/gABU6zfaMW/mhNUD8BuRNLrCrioEbmOoSiK/zq4P6vNLKnCUH9BKhCLNfQnFGq6mMa2tOEoBYAlYnaGpTLRxfNjtbWpm8EtwBCjNfYotmo2BdobNMnglsAZMxgUkdHRzEqPR0hvDdtEjnfZ7c0RD/cDnhj9OzZZprt5q79/LxckhIT2Lv/UzqcHb3SCiG4/54KVixbgk5ROP7NSR564klsdfV97ArEZP97P3CC9glQWlpMXduL5s/j1Zf+k6cff4znn30avb73fXPjgvmsWr4MndJ5OtlZY/j3xx7xZjrLXz4PhaAVQI2MdACYTSZ+Unk3NpuNkydPYC0uYm5Zaa+0t69eCcDB6moOVlcDUJA/juIJhZ5Mmwii8w4aR67mu6qqDoD8cXlERkRw953rWbNqJcePH2fmtJLudJGREaSlpvD2m29QeU8FlfdU8M7bb9GZN9eDZdkMqIE4h4EQtALQeZE64uPisNls2Gw2nE4n2//wexIS4rsTxcaMBOi+6ABbL293HeuNaPGn04MlmAUAaLx48SIjRoxAuVy/nz9/nsbGpu4Etvp6pJRcunRlmqelpfMan7X1XR4QQTZFHdwCCNHwxVdfYzAamFVaRphJclvZOUoN93L0uSPseqKGX66toeHYc5TOKO7ONqVkKlJKDh463MekhLTCwkJLIE/jWuj6TzJ8xCan3mp3OEaZzWb+9Y4Z3DdzG/G6w3x7qpX0BAgzuqk/105RwieUT/iO4vEJxCUXcs8/P8n+T6vZ9sftnswKF6bfNdhOnQn0+XgiaMcBnYgGgPPHnid2XC16nYs2vaAou/OoXgejkwWqBIU2yrK+pCzrSxyndnLkhIUYSyJNrX3vMSFkIVAdyDPxRpBXQTTeNbeOTSu/R690LmqFm0HX45omxQqUHgPfCy2SP1Y1s2C8jefWfOfFsJzrN58HSVALICUNyyfX0eHsP62jA7btVnn5f90UZQsiLb2F6WVXsGD27NlB8fQHtQAKNNjdRv70scppLwuKHU748K8qz73tIjYKHl2nJyu988pbkq/3Zjq2ttmx0C9OD5KguAu8oUraH383ndf/8TQ7D1zivX2SjBSB2QhuCd+dgbMNkmkFgg1r9Rh7nI0zYhYJWc8QHlZBW3u7B+uyAvDYSgeS4O4FpaQtq79onGFKX8NtpU2MS2ugqUWiqhBuEhTlKCyappCRItBdfpZdYQW0pj5LW/JG9AYLp2vP8PU3J/rYFjA2LinlvQZb7bD2hoK6ChJC3Ajg1qVyMXMbptgiphcolBYrTMkXpMVD18yzakjh0nWvcDH7IzqibqJrtbV8/g1ezatCPOP/s7g2QStA9qSSeUiZD2CJCEfqYmge8zvssXeiGpJB6EDocJvzaE3ZxIWcAziil3L1MndRYQEpyUkeyxCIBbmTps7297lci6AUID8/3yhU8XzXflJiZziQVMJpTX2WprwjNBScpaHgLBfG7sYedxdSMXm0JYSgfP48r2W5VV5NsVrDNT6FAROUAnSYIp8GCgAURSFv7Fif7N1UvhCdznNzJyA7UjU861MBPhB0AuRMnLpCwL917ReMG0d0tG9hQQnxcUyfWuL1uBTcP1xVUVAJkF00vQj4DT0q8iU336iJ7R8tLr/WYUVVeaOgYOag1qC1IGgEyMoqNwmdfEtCd30cHR3FnFmzNLFfMmkSyUnXDC1Ndxhcr2lS2CAIGgGUqKZNXb2eLpYvuQWDcSCB0AOwrygsLu938Ls0p3jaHZoUOECCQoCxE6fMQvJAz99iR8ay6sfLNC3n5kULvDbGXUihPp9RUjKUKOwhEQwCKKC8xFW+VKxfi9ls9pJlaMSOjGVOaX9Vmog2uPiFpgVfg2EXYKx16lpgQs/fiicUsnihfwLY1t22EiEElvBw8nK9dG+lWJtdPL3U80FtGVYB0qZNCwO6pgNcAJbwcDZueLB7DVhrMjMymDV9Gq1tbdjq6ln546UYDcarkwmE+iuWL/f7XNmwCmBxcA+SNIDkxISLAA/cX9lfb8Vnbl22BICmpgvs/fgTNj70UwyG3hPDAsbnnDi10q+OMIwCZGWVmyTyQYDw8LCPJIzMGZvNomtMG2hFUWEBo9LTAag9c5bqQ4d54L7KPukkPIqfr9GwCaCMaFwHpAJy3epVJltdvVi3euU1A2u1QgjBTYuutDHv7fiAycXFTBjfJxh7XJa1xOt0qhYMlwAKiA0A4WFhHztdzhkjY2KYOW1qwBwoyL8y5FBVlT9/uJNVK/p2exUp7vWnH8MiQO7EafOATIB/ua/SUX3wsLJw3g19gm79SdaYMb0a+qOf11Ay2dod4NuDxf58qWNYBFCRd17erL/++jk5X359nIXzvK7f+oWwMDNpqSnd+42NFzAZTSSnJF+d1GDQORb5y4+AC5BVPCseuAVAp1N22Wz1SRaLhcyM0YF2hTGjR3Vv6/WdPc5wD4M/IfHbAn7ABRDCtRQwAsTHxZ+qq6vTFRXmB6TxvZoRkSO6t1Mv3/kdnmJghNbvql0h4AIoyO5+5qhRaUKVKlmZmYF2A4CIiIjubWtxEVJK6s95iH+RMtdqtWozK3gVgRVg+XKdlMzp2o2LjY2Oi43lurS0gLrRRUREZ4yu2WRi3ty5nDpd6yWEBV1HR1iEpwO+EtC4oNyTp8epgu6gfZfLPSo7cwxxIz3F8fufyMsC3LhwPpERFnbt3uM1bbte+OVaBfQJcKH26mKcPPntOICYmOF5dVcIQXR0FBXr1wHwyV+9xus2f3N473l/+BDQJ+Du0jpHTrrdmRjlNLy9P573/3YyZceHH7Fwnl8Hm15pbrnEkw8/xIjISBqbGtn/6QFvSY/hpxc7AiaA3GXMRTn7Dpe/9TMl8xJPR6SxafOLmM1mZs+aGShXurllUTmWCAvfnz7Du9u24XZ7fnVMIPf7y4eAhCbKg4Tj1H+IoLu7IwSU5jXzbZ2BX//PYdJSU/0+FhDuC0SdXIql9hH09s/Y800Sz7z0Gjuq9nH2fBPR8fFEREWjSjcddjsAYUYVo0E+ajt15nt/+BSYJ6DN+DKC/Kt/FgKeWnGamtPh/GzTf3C2ro7bV93qNzfMDb9F39b58RXjxfdIb6vD7sjrPi4l6AxGYpPSKC84/+36GcfDxiTYE4WQv6CU6UJo/3al3xthWWXcgBTrvR0PN7l54fbv0Skqr7z2OpueewGXyz9fGDO09q5JrAmH0Ov6XtO8hPM8teRYRmaiPUkIBIgSdpu0iY+5Cr8IIP+ESVaZZ8kq45sI8fP+0ueltlExt/ONxu073ucnDz5MY1NTP7kGj3C39trXKSqq2nsEPsLUwcPX70URV7W5gjLNHUJDAeReYuQe4+Nyj2kvFlMzQu5BiDUDzV85v46MhM5698jRo9xReT9ffPm1Vu5dpu+Ttcb6GQkRrYQZnMzM+DsvLX2P5BEev2zm8bV7X9FsAkbuNv0euNkXG9UnIlj7q2zk5ZvPZDTxxCMbmFOqTQ8p6vhc9O3Hhpq9jlJHitbtgJZVkM9D9cmZl1gxtaF739HhYONTz7Dlv9/01TQAQvp07RLZY/yRJo70QEMBxF4trPx08RliLO7ufSklW954i799dtR349LjPM8gEK/L3Ybi/tMNHC0F+EALK1HhLh5cXNvn92M1X/hsW3H53LBHgbJH7jbdJ3dp04XXTgBLezXg7jfdAFg6pYHi0Vd6LEaDkUkTi3wz6rYj3M0+egZ0VrUvo5iOyl1mn+dQNBNATMIJ9L11h4CiwNMr/o5BL1l6802885tfk5sz9Jc0mltaeHHzg2j8lZpcFLnVVyNajwM0G0FlJ9upnFfHsc8/x2Qa2lqIqqps//P7rF5fQUu9Vp8f7YXPdZp244Aqw2QgQyt7APfeYCPceZS1d1Wyfcf7uN0Dq+GcTicf7PwLd1Tez6bNL9DY1ERhhk6T6rEH34Hq87yJluOAfcAMrex18f05E4t+nofLLUhOSmTB9XOZWjKZ3OxsjMYrMZ3t7XYOHTlC9cFD7Ny9l4bGhl52Xr37RG1ZXnOqBi65kfwXDsfjYgGt/Se/NpoIID+yJGJw2bSw5YmH3xnFtureq2aKojAyJgaj0YjT6aShsRFV9V7H79xYczYttqNPzMngkAdQ5H1ilvP/fLNzBW1mQ3Ud6f6c11sw4UIfAVRV5XxDg5ccfYmNdEb64MI5EA9T6vhtcI6E251HkdRoYssDcZG+t+1GHWFDzLoFxZEjyuyv+2M6WpMnQCzCIfcY5qA6H0GwHtB0kdelYgfaQTSB9NTzcABtIBwg20DYQRolMlogkoE8VSJ1g1uAqgcqRJnjD1qcgzc0j4aS76IjMawE3PNATANK8FUQIbaKUvvqoWa3Wq2GTzbX1BgUmT3ALB+gN6wVMy71/fSuxvg9HE1KBHuMuUhlKoKFdH67eZCCiLtEmX2LT37sNv0S+Kf+i+IFbI4NYoU2o/r+iwswchd6FNNchPgHpFwC9Pcm3klUxwQxB5/+fkTuC7sOt1oNJHhJ4kDwgCh1vOJLOYNlWP9BQ+4lBrdpFUKsAznFQ5LPUOWtYk7Hl9qUZx6Dqj4JohRIBASCWuADJC+KMsdxLcoZDEHzFyadYwnnDFDiADeqqGF2+wEhgutDqyFChAgRIkSIECFChAgRIkSIED9g/h+02l+jofHlGAAAAABJRU5ErkJggg=="
+    },
+    {
+        "name": "cs-custom-bouncer",
+        "author": "crowdsecurity",
+        "logo": "iVBORw0KGgoAAAANSUhEUgAAAuwAAAHACAYAAAD5pj0sAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAATiAAAE4gBo4oJKAAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAACAASURBVHic7d1/mJ11eSf++3NmMhMBIfzQVUgiorW1KK6dJjPnTMKOiOtaa11b44/dat1aabWK2l7dar/ttvvDrXa3rVh0FbHbgq7VdK3aKlURZk3mnDPhmvo1iKj1ByURqhQNSAgzmXk++wdhVQSSzJznPM/Meb2ui7+8rvt+/yEzb54593kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO6Tqg4AlK/ZbJ5WFMWjhoeHTy+K4vSIOD2lNJRzPiWl1Kg6H1CtoijuaDQaRc75O41G458WFxdvHxkZuW3Xrl23Vp0NUNhhzZiamho+dOjQE1JKT04pPSUifjwiHhsRZ0fEyZWGA1areyLiHyLipoj4Ys75841G43Pz8/M3zM3N3V1tNBgcCjusYtu2bTunKIoLc84XRsSFEXFq1ZmAgbCYUvpcURRXR8TV69ev3z09PX1P1aFgrVLYYRXZtm3b5sXFxeemlJ4WEf8iIk6rOhNARByKiE5K6dqc88c6nc5nqw4Ea4nCDjXXbDYfFhE/HREvjYhnRcRQtYkAjurGlNIHFxcX/3zPnj1frzoMrHYKO9RTY2Ji4oKU0ksj4nkRcVLVgQCWoYh7n7xfkVJ6/8zMzHerDgSrkcIONXLeeeedeMIJJ1yUUvr1iDir6jwAPXRXSumylNIfzszM3FJ1GFhNFHaogcnJyYcXRfGLEfGGiHhU1XkASrQQER8oiuI/z87O/n3VYWA1UNihQmNjY2eMjo6+Ouf82ojYUHUegD4qIuJ/55x/t9vt3lh1GKgzhR0qMDY2tm5kZOTXI+K3I+LEqvMAVKjIOb+nKIo37tmz5/aqw0Ad+bYJ6LNWq3X+0NDQX0fEiyNipOo8ABVLKaWxRqPxik2bNt2zf//+6yIiVx0K6sQTduiT7du3P3pxcfG/R8S/qToLQI11Ukqvarfb/3/VQaAuFHYoX2o2m6+KiDdFxClVhwFYBRYj4u0LCwu/NTc3d3fVYaBqCjuUaGxs7JSRkZHLI+L5VWcBWIW+GBEv6HQ611cdBKrkM+xQklartWVoaOjqiJisOgvAKnVGRLxs8+bN39q3b9/fVR0GquIJO/ReajabF0fEH4SjUoBeufLgwYOv3Lt378Gqg0C/KezQQ9u2bTt1aWnpioj46aqzAKxBX4iIn+t0Ol+sOgj0k8IOPbJ9+/ZHHz58+KqU0lOqzgKwhn0n5/ycbrc7U3UQ6BeFHXpg27Zt5ywtLX0yIh5XdRaAAXB3SukF7Xb7Y1UHgX5wdAorNDk5+ZNFUVwTEZuqzgIwINZFxAs3btx4y/79+x2jsuYp7LACrVbrgpzzxyPitKqzAAyYRkrpOZs3b0779u2brjoMlElhh2WamJh4TkR8NCJOqDoLwIBKETG1adOmof37919bdRgoi8IOyzA5OTkR95b1h1WdBYD4F5s2bbpj//793aqDQBkcncJxarVaT8o5fyYiTq06yzFYjIgvp5Suj4ivFEVxU0R8I6V0e0rp9pzzPUNDQ177DQPs8OHDI+vWrTuxKIqTi6I4o9FoPDrn/NiU0mNzzk+KiHNjdTycKHLO/6bb7X6g6iDQawo7HIdWq/WYnPNMRJxVdZYHcTgi9kTENY1G49p169Z1pqen76k6FLB67dixY+jmm2/+541G42k556ellM6PiJOqzvUgFnLOz+52u1dXHQR6SWGHYzQ2NnbGyMjI7oj40aqz3M89EfHRnPP77r777k97CyBQpqmpqeFDhw5NpJRenFJ6YUScXnWm+/luURRPm52dnas6CPSKwg7H4Nxzzx05+eSTpyOiWXWW+6SUdkfEFSMjIzunp6cPVJ0HGDxHfjb+VES8NO59w/O6iiPd51uLi4s/ed111+2rOgj0gsIOx6DZbP5RRLy+6hwRkSPiY41G400zMzOOq4Da2LZt2+bFxcVfTym9Imrwmfecc/fw4cPnz83NHa46C6yUwg5HMTEx8TMppQ9Htf++LEXEByPi9zudzvUV5gB4SFu2bHnU8PDwr0XEK6P6z7q/udPpvLHiDLBiCjs8hC1btmwaHh7+bFT7Gc2/yzm/qtvtzlaYAeC4bN++/dGLi4tviYiXVBgj55yf2+12/7rCDLBiCjs8iKmpqeH5+fnpiJisKMKBiPi9jRs3Xrpz586lijIArMjk5OTTiqJ4e0Q8saIIt0XEUzudzjcq2g8r1qg6ANTVwsLCm6K6sv7h4eHhJ3Q6nUuUdWA1m5mZuXbDhg1PjYg3R0RRQYRHRMT7duzY4WWRrFqesMMDGB8fH2s0GrPR/7cBL6aUfrvdbv9B3HtgCrBmtFqtC3LO74uIR/V7d0rpV9vt9jv6vRd6wRN2+GGNlNKl0f+yfnNK6fx2u/2WUNaBNajdbl+TUnpKSulT/d6dc/797du3P7rfe6EXFHa4n2az+YqU0kSf185ExFPb7Xanz3sB+qrdbn/rrLPOelZEvKvPq09eXFz8/T7vhJ7wkRj4Plu3bj19eHj4iznnM/q49m8WFhZeODc3d3cfdwJUrtVq/WbO+c19XJlzzhd0u93pPu6EFfOEHb5Po9H4b30u61cuLCz8rLIODKJ2u/2WlNKvRv+OUVNK6dKxsbG6vJEVjomLaTii1Wo1I+JPok9/eUop/Y9Op/OKW2+91bfAAANr3759123evPnrEfGvoz8/fx85NDT07f3793tbNKuGJ+xwRM75P0X/Pib24bPOOus14bgUINrt9pUR8Zo+rnzj2NjYCX3cByviCTtERKvV2hIRfTlGyjlfe+qppz7vIx/5yOF+7ANYDfbv33/d5s2bT4j+vP/ixEaj8c39+/fv6cMuWDFP2CEics6/1adVnx0aGnruVVddNd+nfQCrRrvdfkNEXNmPXY1G4zfOPffckX7sgpVS2Bl4ExMTT4yIn+nDqgNDQ0PPn5mZ+W4fdgGsRnl0dPSiiPhs6Yty3nTyySe/pOw90AsKOwMvpfTb0Z9/F161e/fur/VhD8CqNT09fU9RFC+MiH483Hjj1NTUcB/2wIoo7Ay0Vqv1uIh4YR9Wvb3T6by/D3sAVr3Z2dm/Tym9qg+rHjc/P/+CPuyBFVHYGWg551+O8o+vP79hw4ZfL3kHwJrSbrffG/35PHs//sMAVkRhZ5A1IuLFJe/IOefXODIFOH5LS0uvj4jbS17TOvLXVqgthZ2BNT4+/vSI2Fjymiu8Ahtgefbs2XN7zvl3Sl6Tcs7/tuQdsCIKOwOr0WiU/e0Adw4PD7+x5B0Aa1q3231XRMyWvOYl0b8X58FxU9gZSOedd96JEfG8ktf8h127dt1a8g6Ata5oNBqvK3nH41ut1kTJO2DZFHYG0kknnfSzEXFSiSu+GRGXlTgfYGDMzMx0I+KTZe4oiuLny5wPK6GwM5ByzqUem6aU/rjT6RwqcwfAIEkpvank+S/csWNH2d8aBsuisDNwjryK+vwSV9wxPz//zhLnAwycdrv9mYjYVeKK02+55Zanljgflk1hZ+CcdNJJWyPixLLmp5QunZubu6Os+QCDqtFovLnM+UtLSxeUOR+WS2Fn4DQajTJ/IOdGo/GnJc4HGFgzMzN/m1LaV9b8lNJUWbNhJRR2BtHTSpy9a/fu3V8rcT7AICuKovhfJc7fPjY2tq7E+bAsCjsDZWpqan1ElPbVXTnnfrxGG2Bg5ZyvKHH8SSMjI1tKnA/LorAzUA4fPtyMiPUljb9n/fr1f1nSbAAiYnZ29gsR8dmy5qeUfI6d2lHYGShFUWwvcfzV09PTB0qcD0BE5JxLeziSc95W1mxYLoWdQfOUsgbnnK8pazYA39NoNK4tcXxpvydguRR2Bs15ZQ0u+RcIAEeMjIxcFxF3ljT+Udu3b39ESbNhWRR2BsZ55513YkScU9L429vt9t6SZgPwfaanpxejxJcoLS0tPbms2bAcCjsD48QTTzwnyvv//GcioihpNgD3k1Iq86+ajy9xNhw3hZ2BkXM+u8Tx15U4G4D7KYpirqzZJf++gOOmsDMwGo3GY0scf32JswG4n5RSmR9DPLvE2XDcFHYGRs55Y1mzU0o3ljUbgB/W6XS+HRHfKmn8Y0qaC8uisDNIHlnS3KX5+fmbS5oNwIO7qaS5viWGWlHYGSSnlTT31rm5ucMlzQbgQaSUvl7S6NNLmgvLorAzSM4oY2hK6ZtlzAXgoeWcbytp9KlTU1PDJc2G46awM0geXsbQnPPtZcwF4KGllMr6+ZsOHTp0Qkmz4bgp7AySdSXNLettewA8hKIo7ihr9sjIyGhZs+F4KewMklJ++KaU5suYC8BDazQapf38XVxcHClrNhwvhZ1BUsoP35zzYhlzAXhoOefSCvvQ0JAn7NSGws4gSWUMzTkXZcwF4KhyWYOXlpZ0JGrD/xkBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhB37A5OTkxNatW59QdQ4A4F4KO/ADlpaWnj40NPSlZrO5u9ls7piamhquOhMADDKFHXgwkxHxwfn5+X+YmJh48/j4+MaqAwHAIFLYgaM5M6X0m41G46vNZvODExMTF1YdCAAGiT91A8dqJCJ2pJR2NJvNGyPiXQcPHrx87969B6sOBgBrmSfswHI8MSLeeuKJJ97SbDbfNTk5eW7VgQBgrVLYgZU4OSIuKori845UAaAcCjvQKz9wpNpsNs+qOhAArAUKO9BrZ6aUfjMivuZIFQBWzp+ugbI4UgWAHvCEHegHR6oAsEwKO9BPjlQB4Dgp7EBVHKkCwDFQ2IGqOVIFgIfgT9FAXThSBYAH4Ak7UEeOVAHgCIUdqDNHqgAMPIUdWC0cqQIwkBR2YLVxpArAQPGnZWC1cqQKwEDwhB1YCxypArBmKezAWnLfker1zWbzU45UAVgLFHZgLUoRcWEcOVJttVq/12q1Hll1KABYDoUd+AHr1q3705zzf4mIf6w6S4+cmXP+3Zzzza1W672tVqtZdSAAOB4KO/ADdu3adWu32/2dO++88zER8YKIuDoicsWxemE05/xvc87tZrP5d61W66LzzjvvxKpDAcDRKOzAA7rhhhsWOp3Ozk6n84yI+PGc89si4q6qc/XIU3PO73KkCsBqoLADR9XpdL7Y7XZfWxTFWSmlX46Iz1edqUccqQJQewo7cMxmZ2fvbLfbl3U6nScXRbE9InZGxGLVuXrAkSoAtaWwA8syOzu7u9PpvGB4eHhzSukNEbG/6kw9ct+R6j5vUgWgDhR2YEV27dp1a7vdfsudd975uPjekepacN+bVD/lSBWAKinsQE/c70j1iWv5SHV8fPzHqw4EwOBQ2IGeW+tHqo1G4/OOVAHoF4UdKI0jVQBYOYUd6AtHqgCwPAo70FeOVAHg+CjsQCUG5Ej1G45UAVgphR2o3Bo+Uj0lHKkCsEIKO1Abg3Skun379kdUHQqA1UFhB2pprR+pLi4u7nekCsCxUNiBWhuQI9U5R6oAPBiFHVgV1viR6k84UgXgwSjswKrjSBWAQaKwA6uWI1UABoHCDqwJjlQBWKsUdmBNcaQKwFqjsANrkiNVANYKhR1Y8x7gSPWGqjP1iCNVgAGgsAMD4/uOVJ/kSBWA1UJhBwbSfUeqjUbjMY5UAagzhR0YaDMzM7c4UgWgzhR2gHjQI9WDVefqEUeqAKuYwg5wP/cdqY6Ojm6MiNenlL5cdaYeue9I9fpms3nV5OTk06oOBMDR+TYBgAcxPT19ICLeGhFvHR8f39ZoNC6OiOfF6v/Z2YiIf1UUxVJEXFt1GAAemifsAMdgDR+pAlBzCjvAcVjDR6oA1NRq/7MuQCVuuOGGhbj3e9x3TkxMPDEifiWl9PKI8E0sAPSUJ+wAK9Ttdm888ibVM1fTm1RzzqnqDAAcnSfsAD0yOzt7Z0RcFhGXrbEjVQAq5Ak7QAke4Ej1G1VnAmB1UtgBSvR9R6rnhCNVAJbBn2kB+sCRKgDL5Qk7QJ/dd6QaEc2IuKmqHCklR6cAq4An7AB95iAVgOPhFwVAH0xOTj485/zinPNrIuJJVecBYPVQ2AFKNDk5+aNLS0v/riiKX46IDVXnAWD1UdgBemzHjh1D+/bt+6mU0sVFUTzdZ8UBWAmFHaBHtmzZ8qh169b9wv79+1+VUtpcdZ5j4D8kAFYBhR1ghcbHx8cajcZrI+JFOed1VecBYG1R2AGWYWpqav38/PwLcs6/llJ6StV5AFi7FHaA4zA+Pv4jKaWXz8/PvyIiTvPxdADKprADHF1jYmLigpTSayPi2eGz3wD0kcIO8CBardYji6L4pUaj8Ss5501V5+mhu3PO70sp/UnVQQA4OoUd4H6OHJFelHN+SUrpYTnnqiP1yldSSpcvLi5evmfPnturDgPAsVHYASLiWc961uiBAwd+JiJeHxHNqvP0UBER10TEZRs3bvzQzp07l6oOBMDxUdiBgdZqtR5XFMUrDhw48EsRcXrVeXroQM75iqIo3rpnz56vVx0GgOVT2IFBdN8R6UU5559NKQ1VHahXUkpzEXHZ/Pz8e+fm5u6uOg8AK6ewAwNjbGzslJGRkZdFxMURcU7FcXppPiI+mnO+pNPpzFQdBoDeUtiBNe++I9KI+PmIOKHqPD30jZTS5fPz85fOzc39U9VhACiHwg6sSd93RHpRRFxYdZ4e+n9HpKOjo381PT29WHUgAMqlsANryuTk5Jk554sOHDjwqoh4RNV5euiOiPhAURSXzM7OfqHqMAD0j8IOrAVpYmLi6Smli4qieF6srZ9tn00pvfOuu+563969ew9WHQaA/ltLv9SAATM+Pn7y0NDQi3LOr42IH686Tw8tRMRHcs6Xdbvdq6sOA0C1FHZg1Wk2mz+Wc35lSunlOecTq87TQ7fmnK/IOV86Ozu7v+owANSDwg6sCueee+7IySef/Nw4ckSaUqo6Ui/NRMQljkgBeCAKO1Br27dvf/TS0tJLc86vjoiNVefpoe9GxPtTSn/Sbrc/X3UYAOpLYQdqaXx8fFuj0bh4cXHxX0fEuqrz9NCXIuJ/jI6Ovmd6evquqsMAUH8KO1Abk5OTD885v/jI0/QnV52nh5Yi4qqc8yXdbvfTEZGrDgTA6qGwA5XbunXrExqNxi8WRXFRRJxadZ4e+sec858PDw+/Y/fu3TdXHQaA1UlhB6rSmJiYeHZK6eKIeHpErJkr0pTSXM75bQsLC++fm5s7XHUeAFY3hR3oq/Hx8X82NDT0spzzqyJic9V5euieiNg5NDT0h7t37/5c1WEAWDsUdqAvxsfHxxqNxmsj4kU557V0RPr3KaX35Jzf3el0vl11GADWHoUdKM3U1NT6+fn5F+Scfy2l9JSq8/RQERHX5Jzf1u12/yYckQJQIoUd6Lnx8fEfSSm9fH5+/hURcdoaesnRt3LO/zMi3tntdm+qOgwAg0FhB3qlMTExcUFK6bUR8exYY0ekEXFZzvnKbrd7qOo8AAwWhR1YkVar9ciI+Hc551+JiLMrjtNL8xHx0ZTSH7fb7U7VYQAYXAo7sCxHjkgvyjm/JCIeVnWeHvpqSundi4uLl+/Zs+f2qsMAgMIOHLNnPetZowcOHPiZiHhdRLSqztNDRURcExGXbdy48UM7d+5cqjoQANxHYQeOqtVqPa4oilfccccdL4+IM6rO00N3HHkT6SW7d+/+WtVhAOCBKOzAg7nviPSinPPPppSGcl4b31543xHp/Pz8e+fm5u6uOg8APBSFHfgBzWbztIh4eUT8SkScU3GcXronIj4YEW9vt9t7qg4DAMdKYQd+QM75lSml/1J1jh66JaX07qGhobfv2rXrtqrDAMDxUtiBtShHxKcj4rLR0dG/mp6eXqw6EAAsl8IOrCV3RsRfNBqNt83MzNxQdRgA6AWFHVgLvhgR7zx48ODle/fuPVh1GADoJYUdWK0WIuIjOefLut3u1VWHAYCyKOzAanNrzvmKnPOls7Oz+6sOAwBlU9iB1WImIi5ZWFj48Nzc3OGqwwBAvyjsQJ19NyLeHxGXdjqd66sOAwBVUNiB2kkpfTki/rTRaFy2e/fu71SdBwCqpLADdVFExMdzzpd0Op1Px73fpQ4AA09hB6r2zZzznw0PD79j9+7dN1cdBgDqRmEHKpFSmouIy0ZGRq6Ynp6+p+o8AFBXCjvQT/dExM6hoaE/3L179+eqDgMAq4HCDvTDV1JKl+ec393pdL5ddRgAWE0UdqAsRURck3N+W7fb/ZtwRAoAy6KwA712IOd8RUT8cbfbvanqMACw2insQE/cd0Sac76y2+0eqjoPAKwVCjuwEvMR8dGIeGu73W5XHQYA1iKFHViOr6WULpufn3/P3NzcP1UdBgDWMoUdOFZFRFwTEZdt3LjxQzt37lyqOhAADAKFHTiaOyLiAznnt3a73RurDgMAg0ZhBx7M36WU3jU/P//eubm5u6sOAwCDSmEHfsDQ0FA7IpozMzPdqrMAAAo7cD8zMzPXVp0BAPieRtUBAACAB6ewAwBAjSnsAABQYwo7AADUmMIOAAA1prADAECNKewAAFBjCjsAANSYwg4AADWmsAMAQI0p7AAAUGMKOwAA1JjCDgAANaawAwBAjSnsAABQYwo7AADUmMIOAAA1prADAECNKewAAFBjw1UHAKA627ZtO7UoiidXnYP+KYritm63e2PVOYBjp7ADDLClpaWtEfG3Veegf1JKH4qIn6s6B3DsfCQGAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpsuOoAAFSn0+l8ampq6mFV56B/vvvd7y5VnQE4Pgo7wGArpqen76k6BAAPzkdiAACgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhZ2CklBZLmjtUxlwAjmpdWYNTSofLmg3HS2FnYOScF0qaO1LGXAAeWpk/fw8fPjxf1mw4Xgo7g6SUH76NRuOEMuYCcFQPK2vw8PBwKQ95YDkUdgbJPSXNPa2kuQA8hEajcXqJ4w+VOBuOi8LOIPlOGUNzzmeUMReAh5ZzLquwH+p0Ogo7taGwMzBSSv9U0uizSpoLwEPbVMbQEn9fwLIo7AyMoihuL2n0w7du3Vrmn2UBeGCPLWNozrms3xewLAo7AyOl9I9lzR4aGnpcWbMB+GFTU1PDEbG5pPGl/b6A5VDYGST/UOLsJ5c4G4D7OXTo0BMiYrSM2Smlr5cxF5ZLYWdgNBqN0n4A55zPK2s2AD8spVTag5KiKG4qazYsh8LOwFhcXCytsKeUxsuaDcAPSyltL3G2J+zUisLOwJidnf1GRBwoafxPjI2NeYESQP9cUNbgnPPny5oNy6GwM0hySqmsH8Lr1q1b1yppNgDfZ8uWLY+KiB8rafz84cOHv1LSbFgWhZ2BUhTF3rJmp5SeWdZsAL5neHj4gohIJY2/cW5u7nBJs2FZFHYGzWdLnP2cEmcD8D1lPiCZK3E2LIvCzkDJObdLHP+jrVZrS4nzAQZes9l8WEQ8t6z5Oedry5oNy6WwM1BmZ2dvjIhvl7jiJSXOBiDieRFxSlnDU0rTZc2G5VLYGTQ5Ijolzn/x2NjYuhLnAwy6ny9x9pc6nc43SpwPy6KwM3BSSp8sa3bO+YzR0dGfKms+wCA78u0wzyhxhY/DUEsKOwMnpfSJMufnnF9X5nyAQTU8PHxxRAyXuOKaEmfDsinsDJyZmZkvRcRXS1wxNT4+vq3E+QADZ2xs7JSIeGWJK3JRFJ8pcT4sm8LOoPqrMoc3Go03lDkfYNCMjo6+JiI2lLiiPTs7+80S58OyKewMpEaj8Wclr3j2xMTET5S8A2AgnHfeeSfmnC8uec2VJc+HZVPYGUgzMzM35Jw/V+aOlNJ/LXM+wKA46aSTfiMiHlHiivmI2FnifFgRhZ2BlVJ6b8krntlqtX6u5B0Aa1qr1Xpczvk3S17zsU6nU+Y7OmBFFHYG1vDw8PsiYqnMHTnnt05NTZ1U5g6AtSznfElErC95jY/DUGsKOwNr165dt0bEp0tes3FhYeF3St4BsCY1m83nRcSzS17z7Q0bNlxV8g5YEYWdQfdnZS/IOb++2Wy2yt4DsJa0Wq1HRsSlfVj1v6666qr5PuyBZVPYGWgbN278YER8rINEGgAACCJJREFUpeQ161JKf7F169bTS94DsFY0cs5XRMSZJe9ZiohLSt4BK6awM9B27ty5lHP+w7L35Jw3DQ0N/XlEpLJ3Aax2ExMTb4iIZ/Zh1fs6nU7ZD21gxRR2Bt6pp576PyPilj6senar1fq1PuwBWLVardb5KaX/2IdVRc75zX3YAys2VHUAqNpXvvKVpc2bN6eI+Jd9WPf0zZs3f2Hfvn1f6MMugFWl2Ww+PiL+NiIe3od1/7vb7b6jD3tgxTxhh4i466673hkRt/Vh1VDO+X0TExMX9mEXwKoxOTl5ZkR8KiIe2Y99RVF4us6qobBDROzdu/dgSultfVo3klL6y/Hx8fP6tA+g1rZt23ZqURSfiIiz+7TyY7Ozs3N92gUrprDDEfPz838UEf/Qp3WnNBqNTzSbzSf3aR9ALTWbzdMWFxc/HhFP6tPKhZzzb/RpF/SEwg5HzM3N3R0Rr+vjykdFxGdardb5fdwJUBtHPgZzbUppoo9r/6jb7d7Yx32wYgo7fJ9Op/PhiPibPq7ckHP+ZKvVen4fdwJUbmJi4olFUXQiom8fD0wp7RsdHX1Tv/ZBryjscD9DQ0OvjYhDfVw5mnP+i2az+drwPe3AABgfH39GSml3RGzu596iKF43PT19Vz93Qi/4Wke4n5tvvvk7GzduHE4pTfVxbSMi/tWmTZv++dlnn/2Jm2+++Z4+7gboix07dgxt2LDhd1NK746IE/q8/pPdbvf/6/NO6AlP2OEBrF+//i0ppS9XsPq5S0tLc61Wa0sFuwFKMzk5eeb+/fuvyTn/bvS/f9wdEb/a553QM/78Dg9iYmLiJ1JK7YgYrWD9QkS8JSJ+v9Pp9PPjOQC9liYmJn6h0Wj8t5zzGRVl+KVOp/OeinbDiins8BCazearI+JPKozwtZTSxe12+2MVZgBYlsnJyR8tiuLtEfH0qjKklD7QbrdfVNV+6AWFHY5iYmLiL1NKP1dxjA9HxBs7nc4XK84BcFTbt29/xOLi4m9FxKsjYriqHCmlL4+MjIw5NGW1U9jhKKampjbMz8/PRcQ5FUcpIuLjKaX/1G63r6s4C8APGR8f/2cppdenlF4T/T8qvb97IqLV6XQ+W3EOWDGFHY5Bq9XaknPeHREjVWeJiBz3Fvc/arfb03FvkQeoTKvVelLO+dUR8bKo5u7nh+ScX9ntdt9ZdQ7oBYUdjlGz2fzFiLg8avTvTUppX875vTnnK725D+inLVu2PGpoaOjFKaWXRMRTq85zP5d1Op1frjoE9EptigesBs1m840R8V+rzvFAUkpzEfG3OedrI6Lt22WAXtqxY8fQLbfc8tSlpaULGo3GhTnnC6Ke73P58MaNG5+/c+fOpaqDQK8o7HCcJiYmLkkpXVx1jqOYj4huznlXSmlvo9HYe+DAga/fcMMNC1UHA1aFRqvV2pRSOjfn/OSIaOWcz4+IDVUHO4rPjI6OPnN6etrL51hTFHY4fo1ms/neiHhx1UGOU5FS+kbOeX9E3H7kn/mIuDvnPF9tNKAiwymlh8e9T8pPP/LPoyNic9TjZud4XD86Onr+9PT0gaqDQK9V9lVLsIoVCwsLvzAyMnJaRDyz6jDHoZFz3hQRm+7/P6Tkv92BVW3/4uLiszudjrLOmtTvVwPDmjA3N3d4dHT0+RFxddVZAAbc1yPiadddd92+qoNAWep4LAKrwk033bRwyimnfGBkZORHUkpPqjoPwAC6oSiKp3e73ZuqDgJlUthhBW677bal/fv3f2jz5s0Pj4hm1XkABsj/WVhYeMZ11113W9VBoGwKO/TAvn37Prl58+Z7IuLp4ZgboGwfiYjn7dmz566qg0A/KOzQI/v27ZvZvHnzrRHxrHAfAlCWd27cuPFln/jEJ3xNLQPDk0DosVartSXn/IGIeGzVWQDWkHsi4g2dTueSqoNAvynsUIKtW7eePjQ09GcR8dNVZwFYA74YES/odDrXVx0EqqCwQ3lSs9m8OCL+IFbfC0gA6uLKgwcPvnLv3r0Hqw4CVVHYoWStVquZc35/RDym6iwAq8hdEfGrnU7niqqDQNUcnULJ9u3bt//xj3/85UtLS+siYmv49w7gaD60uLj4nNnZ2V1VB4E68IQd+mjr1q1PGB4evjTn/IyqswDU0FcbjcbFMzMzH686CNSJwg4VmJiYeE5K6R0RsbHqLAA1sJBz/uP169f/3vT09D1Vh4G6UdihImNjY6eMjo7+Vs75VRFxUtV5ACqwFBEfTCn9Trvd/mrVYaCuFHao2Pj4+MlDQ0OvzDn/+4g4reo8AH1wOCL+otFovGlmZuZLVYeBulPYoSampqZOmp+ff3lE/PuIOLPqPAAlmI97n6j/R0/U4dgp7FAzY2NjJ4yOjr4s5/yyiNhSdR6AHrgpIq5cXFx8x3XXXfePVYeB1UZhhxprNps/llJ6Uc75JRFxTtV5AI7DHRHx0ZzzFd1u99MRkasOBKuVwg6rQ2NiYuL8iHhpo9F4Ts75jKoDATyAu1NKV+ec3zs6OvrXvvEFekNhh1Vo27Zt5xRFcWHO+cKIuDAiTq06EzCQFlNKnyuK4uqIuHr9+vW7lXToPYUdVrkdO3YM7du37ydTSk/LOf9ko9F4cs75ceGNqkDv7Y+I61NKn11aWppeXFycmZubu7vqULDWKeywBjWbzYdFxI/lnB8bEWc3Go2zi6I4M6V0ekScERGnR8T6uPdnwIYKowLVuyvu/ZrFxYi4PSJuTyndXhTFNyPippTS11NKNzUajS/u3r37O5UmhQH1fwFiYtgzpiU5kgAAAABJRU5ErkJggg=="
+    },
+    {
+        "name": "cs-cloud-firewall-bouncer",
+        "author": "fallard84",
+        "logo": "iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAAABmJLR0QA/wD/AP+gvaeTAAAgAElEQVR4nO3deXhV1d3o8e865+QkOZkDIQwJQ4AQQAEZFGQKJCCzghynqq9tb23f2/pW66PtbXvvS/WtVatgqx2uvtqq19sBfdtah15FHOoMVBEIyCyCEKaEISM5Z90/NmkpAjlrn33OPsPv8zx5gGQPK5uzf3vtNfwWCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQiUm5XQDhrOrqap83u6QSX7hShVV/pRgQ1pQr6A50O/nlBzKBwMndGgGt0UcU6gRQj9Z7UGovsAetd6F86zqa6re89tprHa78YiImJAAkNzVz/uVDwlpNUFpP1HguAD0MyIrR+dpQ1IFer8PqLY9Hr3z5uWe2xOhcIg4kACSZ6vlXd/eFOmai9BxgJlDiZnkU7NaaldqjXvCHjv/xxRdfbHOzPMKMBIAkULNwYTd1wrMIra4EqgGv22U6I60/RfGlFc8/s8LtoojISABIUEuWLPG8tWZ9LWG+ouFSIMPtMkWoXWt16SsvLP+L2wURXZMAkGAmLliQFwhnfklr/W9Ahdvlsam+I6AGvbZ8+XG3CyLOzed2AYSlev7V3X26/VZC6msaXeh2eaJU6msOXwE85nZBxLlJAHDZ3LnXFLWp9m8RPvFNUHlul8c5ajwSABKeBACXVFdX+3y5JV9r0+0/QFPsdnkcp3SsuiKFgyQAuKBm7qJpCs9DaD3M7bLETFhtc7sIomsetwuQTmprgwUz5i3+icKzAkjdmx+4687vjtZaX+x2OcS5SQ0gTmrmBGeh9GNa08vNcmT6/WRlZRIIBAgEsgmHw7S2ttHW3k5bWxtNTc1Rn2PKxPGMG33BAmCB1vot4B7gOaWUjvrgwlHSDRhj1dU3ZGXkHr9Ha24iDtfb78+gX3k5ZX16UVbWm/KyPpT16UVpjxJyc3LweM5d6Wtrb+fAgUMcPHSI/fsPsnPXp2zfsZNtOz6hsfFIl+cfNHAA9/7H/yIvL/f0H60FlgJPKaVCdn8/4SwJADE0ffaVA5Un/IxCj4zVObxeL1VDBjNqxHBGnX8ew4YOwe+PzZihAwcPsfajDXz40XrWrtvAvvr9f/9ZIDubObNqueHaK8nMzDzXYT4CblJKvRGTQgojEgBipHZucC7oJ4Eip4+dkZHBReNGUzt9CqNHjSA7y50G90OHG/h09x6ys7Oo6N+PjAyjwLMcKxDUx6h453TL27qYEFehmQ4MwpohuU0p3g138NQD09RON8oVbxIAYqB2TvA2lL4bhxtZh1ZVUjttCtOmTDxTFTsZHQH+HXgoHq8Fwd9rb1kvpqG5Hricf0yHPpM1KB7OUPzm3knqWKzL5hYJAA6qrq72+QLdH0TxNaeOqZRiyqQJXHPFQioG9HfqsIlmFXC1UrHpOrzlTT2cENcBN6AoNdy9FfgziicLOnhxyTSVUvkQJAA4ZPbs2ZknPDm/BxY4cTyfz8v06slctXgh5WW9nThkojsG3KiU+q0TB7v5Dd1Laa5AcT0w2oljavhMaZ5WHh5bOlmtdeKYbpMA4ID58+cHWkKZf0Ax04njVU++mP92w7WUlro61d8tTwJfVUq1mO540ws605fHTDTXAZcR2xmUdUrxxAnNYw9OUQdieJ6YkgAQpZM3/wsopkZ7rPKy3nzja19m9KgRThQtmX0AXK6U2hHJxrf+VY8Jh7kexTVYqc/iqR14SSmeOJ7NHx8eq07E+fxRkQAQhWAw6G9o5g+g50RznEy/nysWX8rVwYWmLempbB8wRyn1wZl+eNOruizDxxe05svA4PgW7awa0Cz3eHny/knqTbcLEwkJADZVV1f7fDndnyHKd/6K/v34/ne+lS7v+aaOA4uUUi8D3PK2zlYh5mnNjUANif35rVOa5crHr+6fqD5xuzBnk8gXMKHVzFv8kNJ8PZpj1E6fws1fv7GrgTNpTUPbyt3c9fx2+pys4idb/2cYWKkUT3qaeea+S1ST2wU6lQQAG2rmLb5dae6xu38gO5tvfv1GpldPcrJYKWV/C3ywH1bth8OtbpfGMUeAZ1E8sWwSr5AAcyMkABg6OcLvWWwO8inp3o0f3fF9+vUtc7hkya+lAz48CKvrYedRcP3uiK1daH7j8/HIjye6N3VaAoCBWbOu6t/h7ViNtbiGsb7lffjRHd+nR0m8G6oTV1jD1iPWTf/RQWgPu10iV7g26lACQISqq2/I8uY0vWt3Ys/Qqkp++O//I1WG8EZtz3Grev+3/XDcxY6zgA8uODnc4oMD0OzuOL8m4A8oHi+YxMolSsU8HEoAiNCMeYt/ojX/ZmffMReMZMn3biMrK70b+462w4cHYPV+2O1ivmCPgkEFMLYURnQH/8mXuZCGTQ1WbWT9IevfbonXqEMJABGYMX/xTB3mL9i4XlWVg7j3rn93bcae2zrC8HFjYtxUpQEYVwrjekCe/9zbntoeseNofMp3DjEbdSgBoAvVl11W6DvhqwPzTD79+pax9J47yM9LoWS/Edp9HFbVw98OQJPLVfyR3WFCLyiz+fZV32z9Lqv2w7F2Z8tnyPFRhxIAulA7d/GjwJdM9+verZgHfvwflPZIn/H8jW3WDf/ePjhgPJLfOT4PVBZaT/vzuoHXoU+5BrY0JkyDpSOjDiUAnMPJ7L2vYHidAtnZ/PT+u9Kiq+9EGOoOwzt7rZvDza67slwY2wPG9ICcGI+obu2A9YetYOD2700Uow4lAJyFNdS35APQ55nu+51bb6Jm2pRYFCshaKx++tUnq/htLmb4K/BbN/xFPaEk250yNLRZPQjv7IVD7g5aMh51KAHgLGrnLr4J+KnpfvNmz+CbX78xBiVyX6KMzvN5YHix1Yo/tMhq1U8EiRQYiXDUYYJcusRysuFvK4YDfir69+OnS+8i099FE3MS0Vhdd2/sgU9cTIylgEGFVhV/RHfITMwF0v+uLWS1E6zeD1vdf0XYiubRjkx+/uB49U99GhIAzqB23uI70XzfZJ/MzEx+8ZN7U2pWX9MJeGQD7HLxxi/Jtm76saVQlKTDKBrarFrB6v3uNo4Cu0Ka2p9OVVs6vyEB4DTV86/u7guf2A4Y9d198bqruebKRTEqVfyFNDzwoTViL96yfTCqxOqv758f//PH0s6j1ivUhwessQYu2OX1Mu6+iWo/yMpAn+PT7beartJbXtab4KL5sSqSK1bVx/fmV8Dgws+Pzks1/fOtr4UVrg2Q6hsOcRtwG0gA+CcTFyzII6SMM/r+61e+mHKZfFbFKVt/rxzrST8mgtF5qaSzIXN4sTW4aM3JxtW9ccgWoOEraH07SmkJAKfIDvm/DBSa7DNtykTGjRkVoxK5Z38M31WzfTCqu/W0H5BiVXw78vxQXWZ97Wu2agWr6uFY7EZQFnzrDcqWwqcSAE5asmSJ581V628y2cfn8/Llf/lCrIrkKqeH73oVDClyfnRequkZgHkDYE7/f0yTXnvQGnDlJOWhBxIA/uHNVetmgKow2Wd69eR0Td0dsc4JOBeWQm5qvSXFlEdZw5krC2HhwNglSpEA0El5voKO/NJ6PB6uWrwwhgVKXvl+awLORT2hd47bpUl+2T6Y0NP62t9sjTp0ajCWBACgZuHCbrRro+y+kyeOT6k+/2gl6ui8VNMjAJf0g5n9nBl1KAEAUCc8izBcReaaK+Tpf6o7xkNWgo/OSyUKqwF1QD7Mr4Dvvm3vOCna22pGo64y2X5YVWUqL9Rpi9z87onm2qd9AKief3V3pc2W9aqdHvUqYEIkhLR/BfDqE5cAEcdQn8/H1MkTYlgi4RYNrDtoze8PaStv4HndwJ/CtZu0DwBKM9tk+wkXjU3LFF+priMMv9oIGw//43vv7rNu/vO7WSMVKwtTr3Ez3QOAArMlvWumTY5RUYSbXtn9zzd/p/aQNUx3zX5rxN7oEisY2M0vmGjSOgDUzr2yCkIRj+Txer1cMPL8WBZJuCSSuQ/H2uH1PdZXacCapjy6R/JOU4Y0DwCa8MUmNbqqIYMJZLuUd0rEVIPhoJr6Znh+J7ywEyoKrFrByO7WoJ1kkmTFdZaH8ARtkBJh1IjhMSyNcJPd4bUa2HbE+vqvbbHJRhxLaR0AtFKjTf7nR40wzg8q0kjHyQzJdYetmkDnyMjBhYmbeSdtA0B1dbUPzdBIt/f7MxhWNSSWRRIppKXDSgG2er/VRnBBibuZi88mbQOAN7ukEnTE63X1LS/D75fpbMJcQxus3G199cuDqX1gZEli1ArSdiSgx4vR47y8rE+siiLSyCfH4IlN8JMP3V0yrVPaBgAdDhsN5i/vIzP/hHN2HYP/vd7dxVIhjQOA8iijAFAmU3+Fw3Yft6bzuiltA0BYU26yfVkf48WBhejSO/vcPX/aBgBQRqv+9OzRI1YFSUimDVQu12ST1j4HsgDbufY6TBjSOAAowkbJ/AKBBOu/iTGv4Scj5O5S2UnLictmJ2FoGFohjQMAqKJIt8z0+/F6U3hO6BlkGH4ynM5amy58DvQFdti59mFaIK0DABE/0rOyIx4ukDJMA4CtD6EwrmmdiZ1rnyE1ACJehyYdJwD5pAYQF07UAOxce0+H1AAiDgDZaRgA5BUgPrIdGFxq59o3n5AaQMQv9V4n6mlJRl4B4iPXgcH4Nq59+MHZtEN6BwBxDqYBoNVmXvp0F3CgBtBqvsx4K0ppkAAgzsI01fSx9tiUI9UFHKgBHDWfU3Ck8y8SAMQZ5RumuToqAcCWQgfSiR1tM97ls86/JP104OrqG7IyAk1VYQ9D0LpSKV0Fngq0zgFygKKTf6bR6vPRyze8WhIA7Cl2oIfZxjLiezv/knQBoLq62ufPKRmp0bUaVQvHJ2nIUp3jIbVCBqZGzzQAxHAt+5TmREJRG8E3uQJAMBj0Hm5iOkpfr2BhGH1yzVm50WNFagDx4UQNIGUDwPQ5i/p58fz3hmb9BaWQjBxxZFwDkABgzO9xpg3AtPal4O9zEBMyANTOvbxCKfVNrfmqhiTOup68TAPAwVarPpYIaa6SRc+c6K+XBg63GO+0p/OvCRUAps++cqBHdfwQVFBr6aFwU16G9eGM9CWrPQSNbcm9SEa89QxEf4yGVmg3HAikVYLVAILBoL+xWd+iCS0BlXAzb/LzUmQdKAM+DxRlwWGDBTPqmyUAmHAiANQ3m++TqdjS+XfXn7I1c4KzGpr1Bg13Awl38wMMqhjgdhFcUWr4Ad1v48OYzpxYX9A0AGj47O7JqqHz367VAILBoL+xRf9Ya30TCfzq6PF4qK2Z6nYxXNEzcOYFM8+m3vRdNI15FJQ7sMi06TVXUHfqv10JALVzL69oaNa/A8a6cX4TwUUL6N/XKH1gyughNYCY6Z0DmQ7kmDF+BdAuB4DaucG5oJ8CCuJ9bhMej4fgogV86fqr3S6Ka0zfUfc2SU9ApAbkR38MjY0AoNh46j/jGgBmzAneoNGPxOO8mZmZZGVlEsjOJicngFKRfSzz83IZVDGAGTXV9OtbFuNSJrbSgFlPQHMHHGiBHumXPsFYhQOPv/pmawkyE2G3agA18xbfrrW+mxg8IMr69GLUiPMYNLCCsj69KC/rQ3FRodOnSTtZXijItLr3IrXzqASArniUtWBotHYeNd/HF3YhANTOXXw3mm87dTylFOcPH0rt9KmMGzOK7t2KnTq0OE2vHPMAcGFp7MqTCspznZkG/Mkxs+01fHb/NHXw1O/FPADUzFt8u1M3f0F+HgvmzeKS2mmU9jDK6i1sGpBv1hOw0/BDmY6qIs5HfW6mNQAFb53+vZgGgBlzgjecrPZHpbi4iOCiBcybNYOsLBlpEk+mjVX1TdZ7aXZCDDFLTEMdqLC2dNjoddFxDAA1cxbP00o/QhTv/D6fl4UL5nLdNUGysxJyjFDKK88Dr4p8EUuNVTV16imXagoznen/33nMfC5sWPP26d+LSQConXt5BfBkNMcfWlXJt276Kv379XWuYMKY32ONWDN539zSKAHgbEaVONMKvrmh621O01Sk+eD0bzo+FHjMmBszUJ6nAFvtnEopFi6Yw9K7fyA3f4Lob/gaUGfQZpBuRhitSHl2Nq7xe0umqc91GjpeAyjudfg+rRlvZ99AIJvv3nYzF40b7XSxRBQG5MPre7rerlN9MxxqhW7y1vZPirOgnwMDgA61WuMtTJypARAcrgHUzAnO0pqb7OxbWFjAfT9aIjd/AhqQb15tNek5SBcXljpT/bdTwwrFOgBUV9+QpZR+EBu/Y2mPEh64904GD6xwqjjCQXl+6GM4c22T+TtqSlPAGIdWmLcRXJtbAvz1TD9wLAD4co9/Bxhkul9BQT4/uuP79Ondy6miiBgYbth1taXRPFFFKhtU6MwrUXsIth7pervTvPzwWHXGTkNHAsD02VcOtDPYJ5CdzY9+8D3Ky3o7UQwRQ8MMG69OhOFjqQX83USHnm8bG8yXAtPw3Nl+5kgAsNJ4mSXzUErx3dtvZvAgqfYng7JcKDDME7hmf2zKkmyKMuE8h1r/bVxT7ffwwtl+GHUAuGRBcBBKLTbdL7hovjT4JRGF+Qi2usPms9VS0ZQ+1gSgaDV32GpbWXXvJPXZ2X4YdQAIdejvYrDSLliDfL543TXRnlrEmWk7QEcY1h7sertUlul1bnLUhwdsrASs+fO5fhxVAJh56VXlKL5gso/X6+Xmb9yIz+dAOhQRV4OLzFcNTvfXgEm9nZsXYedaKnj+XD+PKgDoEx3fwHDNvUWXzqWif79oTitc4vfAMMNawPYjZpmFU4nfC1MdWs6moc3W/P/NS6fw4bk2sB0AgsGgVxs+/YuLi7jumqDdU4oEMM6wOquB1WlaC5jYC3IznDnW+/tsLYT3OEqdczfbAaCxVdeA2XJdwUULZFZfkqsqsgYGmXh7b+SzCVNFpheqHXr6hzS8va/r7U4TVponu9rIdgAIh7nOZPv8vDzmzqq1ezqRIDwKRhvmYjnann6NgdPLzAPl2XxwwNbaiyuXTlWfdrWRrQAQDAb9Chaa7HPp/Fny9E8Rdlq13zxrR1Tqyfc79+4P9q6dgscj2c5WADjSFBoP5ERcGKWYWVNt51QiAfXKgT4R/+9bdh6FXWmSLmx2f6sB0Ak2r9vx1hB/jGRDWwEg7PFMN9l+xHnD6Fnq0EwIkRBMGwMhPWoB5bkwzsGPus1rtvzn09TxSDa0FQC0VtNMtq+ZNsXOaUQCG1tq/pT74IBZhuFk41EQHOzMqD+wuv5stp38MtINjQPAhGAwW6EvMtln7OiRpqcRCS7gM3/ShTSs6LJZKnlN7OXMgp+dXt5lo/dE8ddlU9T7kW5uHABymxgCRJyat6xPL0q6OzQTQiSUKX3Mkz+8ty81BwYVZlrv/k5paINV9bZ2XWaysXEACHsYYrL9qBHnmZ5CJImSbBhuGNtDGl5JsVqAwqr6Zzk4uv0lO09/2LF7L8+a7GAcADzaLADIdN/UZqe76/361KoFXNwLhjqYBbmhDVbbePprWLb8ChUy2cc4AGgVNgoAZX0k2UcqG1gAfQ3z3KdSW0C3LJg/wNljvvSJrad/Y3uIX5nuZBwAlFZGbzplkuor5U22EePfr7extHWC8Sr4whDn+vwB9jXDKnuz/h6OtOvvVOY1AFTEiY39/gyKi2WFiFR3QYm1lLiJsIb/2hab8sTLggrzNRO68qft1rUx1BRqZ6md89kYB6AjrvAFAoafCpGUPAousbGGy5ZGWHfI+fLEw7Bia66/k9YetJlHUbHsJ7XKVp+BnYFAkQeAbBn7ny5GltjrA//TdhtZblzWI9uq+js03gewkqj+eYetXRszsff0B3sBIOL/5qysbBuHF8lIAbNt5Hk53AqvGaw65LYsL3xxmPOrH6/81F7PiIJ7756sbOdfdnxtwFOFQpIRMp0MLYaKAvP9VnyaHEOEPQquqzJv7+jK4VZ4dbetXfd5WvhpNOe2EwAibmlsaUmhzl4Rkbk2RsO1h+C3m21lvHFMJOP3Fw40z4zcFQ08vdXeIioa7rrvEtUUzfntBICIJyc2txiuYCiS3oB887yBAJsbrbRXbinuorlqRl/nFvc41bt7bS+jtj10nIejPb+dABBxasLm5hY6OuQ1IN0sHAg+G5+sP223RsG54VwTmy7qCbNikMe2oQ2etdfwB4qbH5yjor5aNv6bVMQBIBwOs3efvRkNInl1y4KaMvP9Wl18FZheDiO6f/7740ohOMjZFn+wfsffb4E2o4G7FgV/XDZZnTPff6TM2zJV+BO0mhjp5rv37KW8zMH8SCIp1JTD3w6Yr2O/pdGaMTi+Z2zKdTZeBTcMtarjHzdYN+jQIhgSo3Fs7+y1vXZis0fzLafKYT4SUKtNJtvv+tRe86ZIbj6P9Spgx5+2w36Xmo+qiuDSCrisInY3f32z7T5/0Nx531Rld+/PMX8FUGqzyebr6z42PoVIDVVFZ65Wd6UtBL/emJrLi7ef/N3sVP2BzR1NZvP9u2I+HTiM0R390boNhEL2fluR/C6rsHLkm9rXBM9sdb48blu+1fYkKK3CfM2Jhr9TGQeAE805m4CIC9Hc0sKWrdtNTyNSRGGm/emyq+rhXRe7Bp329l77ayVq+OXSavWqsyWyEQBee+3XrWjeNdnnzXciTlEmUtDFveyNDQBrxuBu40muieezJqttww4N29pD3O5siSx2hwIbRaIVK18nHE7BFzoRsSsH21snryMMj2+EphPOlylejp+Ax+qsCT82dCi4xs5c/0jYSwuuWGmy/aHDDXz40Xo7pxIpIs9vBQE7DrXCIxuSs1HwRNi6+e2mQNNwh0mWX1O2AkBxQL2HwZwAgGef+392TiVSyPBu9vv3dx2D33zs7nwBUxr43WZby3p3HmB1c4C7nSzT6WwlM6qrqwtVDBk6FFTECf937/mMSRdfRFGhjeliImUMLrQSXzTbGCFe32y9ElQmSZKpP++Ad+w3YjYpD5c8NEEdcLBIn2N7OrAOe7pcevifttea3z79B7unEynC77Wm1GbY/OSt3G2Nokt0b++F16IYA6c1X1062WzMjR22A8DkC4e/gtZGuV1fff0tNm1Owc5dYaQs18qjb9cz2+CjBF5ufO3B6PIdalj6wFT1lHMlOjvbAWDJkiVhlPq/JvtorfnZLx9F62R6kxOxMLaHvWzCYCXNfHITrE/AfILrDsH/2WQrsWenVwpDfNvBIp1TVAmNK6qGb0bzDZPjHDx0mOLiIioH2xwoLlLGkCLYftReC7nGqgX0ybVy9CWCTQ1Wl6WNnP6dPumAS+6tjk2X35lEFQC2b647UlE5rD9wgcl+a9etZ9KEiygocDinskgqSlkDhNYehBYbjYKdQaAs11qmzE2bGqzuvigSnLZ6FLMemKLi+o4cdU7AcNh7F2D039fa2saddy+lrb092tOLJJeTYU3DtdsoGNLWU3dzo7PlMuHAzQ+aL98/Wa1xrFARinpNkx1bNzRUVA4bCpxvsl/jkSMcPHSYiy8ah1JOp1sQySTfD71zrJqAndpzWMMHB6xaQK8cx4t3Th8dhMc3RX3z/89lU9XPHCuUAUcWNeo/uGq1UupGwGiw57btO+kIhbhgpFHsECmoR8DKy2e3YU8D6w5a3YwD4vRm+dfPrIE+UTT4oeEXD0xVcWv0O50jAWDHlo1HBlQO8yqYZrrv+g0bycvNZeiQKPqFREronWNl5916xP4xNjdag4yqip1P49VJYy3g+dzO6I6j4I+79/HFuuU/cK1bzLFlDceOGv5uawdXAMYpIFb/bS0azcjzhztVHJGkBhZASwg+iTj39OftOmb1LAzrFlm6bxNhbc3pfz3axUwUr3YcZ+GvLlOuTnNyLADU1dWFBg4ZthnNtdgIvh+tq6O5uYUxF4yUNoE0N6TISgm2L4rVgz9rsoLI0CLnVu9tOjmrz4FBSGsyPMxaVqNcXx/ZwYWNYfvmum0VlcMKgAl29t+4aTNbtm1n7OiRZGZmOlk0kUQUcF432H0MDkaxtsyhVqthsaLAamiMxu7j8It1sCeqZTgA2Oj1MuPHk+wv5+UkRwMAQFH+pJXZuS21QLmd/Xfv2curr7/JkMpB9CixkVBOpASPglEl1gQgmym0AGt8war9VgCws3gpWFl8fl0HTdEvcVGnoXbpZHsr+caC4wFg79414Yqq4S+j+RfA1vCM5uYWXlrxGocOH+b84cPw+21kkhBJz6OspKKHW60qvV1hDRsOw9F2q3Ew0naBjrCVxee5nVGN7uu0pr2dmgenKZtJwWLD8QAA1gjBgUOGrgd1JVEMNtqydTsvrXyd4sICBvTvK20DaUgpK49AQ1t0QQCsavzmBhhUAIEunikHWuDROmtsvwPe6vAz86EpysXhSmcWkwAAsH3zxi0DhgzbrmAhUfTItLS08uY777Pi1TcAGFTRH683ZsUWCUgpq02gpcNq4Y/GkXYr0WimF/rmf/6DqbF+/uuN9rP4nOb1DA9zl12soix5bMT0TtqxuW5dxeDhzShmRHus48ebWLXmQ1565TWOHD1Gt+JimUuQRhRW9b0tyi5CsF4JNjVYwWRw4T/Slh9phyc2wht7HKnyAzyPj0vvnxjdCr6xFPNH6fYtdW8PHDwsE8VkJ47X3NzC+g0befb5v/Du+2vYf+AgCkVRcSE+qRmkNIW12EhOBnzcGH16sIOt8H49FGVZXY7/uQH2OtQxpxQ/Kwhxw91TVEJPeInbS3XtnOBtKH1PrM7p92fQr7ycsj69KCvrTa+epWRnZREIZJOTE8Cjop73JCKQm5tDaY8SPJ7YXu+PG+CJTfZmEcZYSCm+t3SyusftgkQirq1qtXZ+SzgAAANFSURBVPMWX4/mUewsSiqSRl5eLrXTpnDd1UHy8mz2vUXgQIv11DZdgDSGjivF1Usnq+fcLkik4lpn3r65bm3/QcNWK8UcbHYRisTX3t7Opo+38Pqb73Dx+HHk5sZmil5OBowusd7lGxxdMMuW3drLjGWT1BtuF8RE3F+ad2yt21o5cMTvtCd8MSDrhqew401NfLS+jjmX1MasC9fvtYJAY3v03YR2KXjD66V26UQVRSZAd7jSarZ16/rGMaOGP9F6glxgPHF+FRHx09DQSP++5fTvZ2tgaEQ8Cs7vBt2yrdmADrXgR0KjebAph2sfHJ+Y3Xxdcf3Gq5kTnKFU+CFQlW6XRcRGzbQpfOfWm+JyrgMtVuPgnlhn1dPUA9cvm6peivGZYsr1frMdW+q2DxnU/5Ew/jYUEzBMKiISXyCQzawZ0+NyrpwMuLAUWkPwaeyeySt8YS65v1qtjdkZ4sT1GsCpZs4PDgiH9Z3AVSRAcBKOeWXF80/Xxvukt7yhLwUeA2yuTfw5HUrzw/wp3LFEqSRcqfDzEqpz/KU/L9+x4vmnr/V6VZVCPwok9CAKEbF1bpx02RT1p44QIzU868Dh1mgv45ZOVUtS5eaHBKsBnG7mpVeV6xMd/6rR16JU7FqRREx5tB7/0gvPvOdmGW75q56P5udAmeGuLUrxg/wO7l8yTSXesKMoJXQA6LRkyRLP2+9tqNYefb2GRUCe22USEfv9iuefvtLtQgB8+2Vd0O7nDhTfILLa7+tKcWM81uhzS1IEgFONGXNjRnGPgxeGPZ7pCqZjdSNmuV0u8XlasdIfylz44otP2V0gOyZufVNPCod5GBh6lk0aUHxn2SQeQamUXscu6QLA6WbPnp0Z9mZVhbW3UqMqNbpKoQZoyFXoPKAQyAWiTAolInQM1Eeo8ONF2Z7Hli9fHnK7QGey5FWddcTDzSiuAgYACs024HeeMP95/zSVwMuPCiGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBAiMv8fEXkhdG5DOgcAAAAASUVORK5CYII="
+    },
+    {
+        "name": "caddy-crowdsec-bouncer",
+        "author": "hslatman",
+        "logo": "iVBORw0KGgoAAAANSUhEUgAAA+gAAAD7CAMAAADO105+AAAC91BMVEUAAAAAAAAAAAAAGAIAAAAAAAAAAAAAAAAAGAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/0PkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABO1Pc90P8MrRk90P890P890P890P890P890P890P890P8Nqig90P8Apw9G0v0OryM90P8Lph+B3rwApg4HrR890P8AqA490P8ApAc90P8ApAcXtTsRryRGxm4AfQIAqhIDfw0Vt0MCwIm37NYAfAAAfQMAfACp58qg48ICwYuV37gAAAA90P8zNTAAfAABqQ0BqxAAoQMApAf///8AoAEApgkAowUBrhQBrBK6vbYBrxcApwuCgoLh4t/a29fc3drf4Nzs7Orj5OHX2NTl5uPn6OXS1M/V1tLp6ucAog7LzcfGycMFsRwCvoEQtirP0cw0xVcApRYvwlDw+/QBqSk7x1/Dxb8BqzEUty8qwEoBrTi9wLkJsiABrz/r+fECwYz0/PfAwrwvvcUYuTQmv0VXWFU4OjUbujgMsyPk9eTp+Ow/QDw0NjL4+/nb8txDRUEjvUEeuzoAjAMNtCbu7uxQUU99fn1dXlxvcG7U8NUgvD4Cw5V5eXhpamhjZGIBsEba9ejP8uIAphwCu3QApyAAkAn09PPE7tpKTEji9+4AqCSo4Ks0R1eU2po6PDt0dXTH68ix5LMBt2Se3qK369HA6cLN7c6C1Ii55ruKjIozja1dyWYBs1QBgg2L15EzYHZSxlxozHCZmpd50X9IwlNxz3citzIjriYNtVE+wEuo5sU1vUIsujuqrKgorT8ZriEZtCo7yfSU4b4nRSU0sdkRk0YzlbcyVWY0pcqQro0Kiiw3wOhJwu80iqoKkxwzaoInsqUzeJEzf5wepX10krMXnGHF4cVihqRgcoxmn8PC3sEzh6YBnj9Ut+Feq9KBhqI/x4Q0xNpb06MdozAKbgosNv34AAAAU3RSTlMAy4IG6ruk4wz8MfcW8XRkEJNv2cMk0rI4rItVXAybex4qQEbeTFBqH/L9zpcq4lo/u3ogqJM0eE01/WOth7xl6G7T3FT57OKpSbbmyl51xqN9dJdQW+IAAEF3SURBVHja7NtdasUgEEDh2YjvilFjCJKXEO4eZv9raaG0tC+Xtjf+JJxvD8McTZTGTCjzlo5lX7OP6nxep+WRtrkEawTAxRk7L6vTp/yeAuMOXJIpafL6e259zIw7cCXh4fU/3MSwA5dgD6+viHth2IGR2ZT1DHEJAmBEJkU90W4FwGBK1rPFRMMDA7G71pFnATACc0StaOK4DnRnV60tstaBrmzWFuImADoJWVtxjDrQRfDakksCoLHitTV3CIBnrr3Nv7DVgWbMpL1EPrYBbWxOO5r4XQ6oz3r9Oy7ggUtZtD/PexegptnpEBYBUInJOgpXBEANZZB1zlIHfrjd6fw7z/U7IHLbbCffgU+3znbyHfhw72wn34F3t8928h04WRgy28l34Eyzjm0VAK9KOroswBt7d7PTRBQFcPxCAUsLIiBooaCCokbFmBjjxvgQ93bFqkk/pvSLyIIHcOUCNtB0Uz4WtMvGhWnXdUPCvgsSoiRiiKYJdgFuPXNLh4GZqZ1pi870/DY8wT/nnjudAVnzGg6v5BBqnjfMDGaxdIQa8JKZw2N8nw0hw16w5tg7KZdKpePj418i+Fsun54csmbC0hEyZuIJa9BJybexsbG9vZ3Pb4F0Op0Bm5uby2B9ff3j+s6P7wfNKR4fqCNkxMQsM+6wXPCBSud53nkaiJnLOgfJZHJ1NbnzfZ81Cj88g9BVdn5Y8lVB5qDaeUaj81xuZWXNs7bzZY81Av9zE0K6GTy3l30yNY/tIMk7X+Wdc7mjA2YcfiEWoau4hzv1ycjX87RW5zxz3rnk02dWD7yRszrHkBY3uTozQ1puEwt4ynQ78QHFOJc6r3Vsh84v+Gpwrj/G5+kWcp1q6SBXp5tq6STm94bp9dt3kfK2XcocnGUOVDrnjvZZnfCXMxaFobfcW6agK3Og7Fzr2A6dq/pkJPUnBFkFht5qr5mC3sx558pje2Yrc6Fz7cx56gesLviGiyVh6C32iukCmdce54XiYiCazSayqag/EAbxRW9xt7CdXv5Ys3OQ+8L0ekqQNWDorfWI6VH2aY7zfMEbCGUTcyCRigrhOIDMAxVBkSAIwfe7W0kPaOQAj1+isCAMvaUmHrP6Hfo0Ovd55yFxLhsJxmNxLgykzIEA/Fy4mM951B3tscus98MZW9/I7ekpx0ifnSAM/Sq8ZPUrqXZeWAxB41xiIRiLQeVS5orKuXkQiQjFLY8qved301y92xzuQVd3x3CXk55zdg13Dz6cvkvaHYbeSs8ZZ2ycg914du5MNhKOiSqVKzIHPHJRBEQj0Wg0XFhRO79LQ90yV+83poYmO5y0Bueo67rDRtoXhq7wTxb0U7XKpVEeEmKcfJhz59NcEDP3S52DBRBa2vAoHTA93pD/mn285z6tT7/r4T3SpjD0FpplnJHL9oI3Ic3y4JK8cq3VHCJXZL4QAh+WFaX/ZCrM+M6qfdzlpLpc65lpy8GOoetmG5lyT4/Ym7mgK4b5u7mqUCBWoZq5wPlFyswrUqnQUkb7+G7i38Lyyg3oGmvDuY6h6zTl6qVc97hNx4KuZz0vBquVJ6Lx2plzisp551LmokDec8k+M/ma/gAqN6xj4AZpLxi6Lo5RKnJS0bUHxhd07c53BSlzf2xJ1nmYk2WuOczl01y0AAIZldLN+zR9poM2xjk5QtoJhq7HABQ++tBxg9jvuW9SSsdsRNOsoc4Li7LV/O/TXJG51DmvXMo8Crxrl0s37Zo+Pkob1zvZTg/dMHQdOmGKT1+Y7i6i5amhzotZaZov6djNlZVD5il55iAyX7hUujnXdBtk3hzOwT7SLjD0+j2g9GYfOWfvoXSIqHtmpPOCf+5MKq56Zg/WnOa8crVpDiJgfj6eVDxmM9uP3m3uYdo8zs522dUx9Lrd7afDdtLTLXKNDdgIsXXTXgdRNWug811pnAf1DHOgvZpHF6TMRf68eumm+d7M7VHaXP1u0hYw9LoNUidUfU16IDtDSF8XdTV04+6T8Urbefwvmfs5xWoeUgzzs8oBr1xU9Mh9M9fNu62zlzbdrbY4v2Po9bL300kiC51nf5329hGlCf2dF+LVzqOyQ/ulF9Rkw1wxzdXP7JHzYc4Jwjv5nVyOXfCffwAabkVaoWucWB+GXq8BSh2V0G8Sm2NMfJIOI72X3jH+U5myrPNotXNBNs71T/OU9jQHAgjGc55zX83zdgsf563RY/1NHUP/w965/LRxxHF87PVjba/xLn4b1zbYhlZNX1FV9VJV/RtmfcoJiVcJgSgcuHHJiQO9hMiX8jgkHCsOFpzJBcl3DpGiEimtIqJKbVW15y679jDGZj0zO7NxwJ8c2ksIsvjw+813fjNDSgHGQVt0gxSEUfM7TzMncf9ini+1PZ/Hh13n+muOLO+u5kjzWaT5/AUdkdy7DyWPQ+VcBMEyuOEMRScCKY1ET0MYkS709zAncZjniyiGu25tjs+0o57dANMcr+Z4BNe2vCX63BxmOh7IDfJN76icCyIUAzeboeikVKCGiZ6xWndQhD7W2yBnLllAnvc8ubJgNx3T0vxHO8utnt1k7oKVA8z0lx9AHienISc+gJ+0NkPR3ws+mGuJ7kunzUhuxPz8omxJHH4wdQ717bjm9vtpBl1BO5bBYQkc7vmcxf0V7KD6iU7KF+A9oXigeAI3+lTbUHRSPDBgid7G9F6DKcYkrse+2hLZftqj0+bxzt7+5sETQ9Of6tv7ezvHzdPHSw9xzU0wyzHP7xus4xNyg57HJePQDRI3OZIbik5KFnpw0VshXBqmWQ6z4CfQm2gcDtcc309Dns9uNJ8f1q5l0zj4hiVw+NLcAEluXiyJ7adv6YN9uCXjg+4Qv8HD70PRSfHCkGKJnlIUL7Rm4tQozDEUdHwk7vjn9pwMXsxbYNV8obmLLm63Y3tm7YrnncV8xRR9eeUYS94HuqRXI9AtKjd3dmYoOilJa1EeND8ZKWX8RwJgCsJxphX6DGIFLdC7ijmm+emu9RwyEfXmPLL8as++YrJssMswIPcDcJ1YCLpH6sZ270PRKb7JitwW3Uzdi0COQz/DqTU8iTtte/4Qed512nx9D723RMrmaVcxNzEtN1l7xDI2A9ymCF3Ff1MTuaHoxJQhDCDRgQZhJFmAsOqwoP/Y3lkzVOx92ryJPYdMw9F9bGk+h2lueb621sRK+qAG73noMtkbavpQdHJyF827agAMJFVVihBqTC+nohX6DkrcZ6/ZT5vG3lWjpdlRzVdwzU3q9FtsnwBXmQhBt9HAjWQoOjmSB8KA3HEc3SM5LOi/tJO43k378i5LOUc8edyh+XKH5o/WprGpmYE825JkyNuD6YDmHYmNlcuT+amiN5uizfKK4CYyFJ0CxQ9hsKhY/18MQuhXQCd3qQr6zs4GVtDnu/bNZ2fqjJ4jnq9dreZrLR4Z7NXavB3Ekq7EIRXxwEhZAV2UysUEeWcQqoKbyFB0GiQvhDAUTxf88dDFNyexDcUdtz2feYoKeo8huGmb55C3DhuNs5O35+dvT84ah1t2/XurmlueI8tNVge6pEsJSE7Ib3uxq1zVKrfZ86HolIQLEXSNaJh1yh09h4wi96Ue0zGnpueHVz1vnP/aKzp7+frdWe9ZmhlUzHHPLdGP6PfSPwduEaCxXCG6qfvWej4UnRp1rFhIF4pjKuhGJ+IP9Ewqitx7zLoeW57jmh++e92n8L56cdajfV/pXJsjzVdXN2oIfdDeVy1CQqJFBZChjFRuqedD0XnypU4E8ryJnmPpOrmy+Pxq2751TrYH9vL3Rtew3Nql5cYfy3LDc4N9+on3r4ArVIk1VwE5Usx3Kz0fis6Tr4hFv9D82dEyiuKuHkNd2L7i+dtXOjlvzq8s2g9X17qqucU0FscN1BysGuSrOUIuRq/1fBLcWIai8+Mjws697fkOepKl6ya4zc7l+duXOiX/1DqoW5pj1dxifX37Su8+KEMzGiRBUwE9SuH2eT4UHeHaa+hW2350dISiuJ+vvqy0U69ju2qNNzo9L0861+lYAoc8XzdodvXuAxHHTUACKhOAjarvtnk+FB3h2ivJF5pfiL53vy364pW7Y07xtn3rtc7Gq461+jHy/BGy3IShd/8YiEaOw/4UVMCKkr1lng9F58fHhJ272bYbnh+hzv3KfY+rT7C2/URn510N4xStzXHPNzY26Xv3u0A0OdgXn7PgLB+5VZ4PRefHXcKCbpXzvT2Uuf/SeUXUPJ7CvdOd8GsNY+PS8/VVy3LD8w363l38dFw4BPvhURxfZ3GbPB+Kzo9PdCIMzU3Pnz9CS/TOi+D2nxyi5fmvujNeY6Lvrl7R3OTxY9qZGfH3wUop2A+/zOGCKp6eq8lMOKkC95FL48a/rMjvVXRJTYYz4yVFugWif0YYkrU9f/4UnUTHNX+4itXzV7pTXuHNO+rZcc8fb9KfSr8DhFJ05yJH1Y88HwMsKOX8qFcLpD1xX/sL+eIef0DzjmYkIBZpPJ/zpypR1PuEgv7CyGTJXdHlzFQhkQpGYZtIPK1NldWbLPodnYi/Dc1Nz/futTE1R+8k1lE5t6nnTDW9fqm5JbmhucEx/SJdByJRoy4dJZWyzJ5L47GAbWAYSXirogp8KVbwRGBvKoV8yR3RMyOBeAj2JOTJVWUW0bXgtWicmsXgNYQBIToZO2Y5N5hBWVzH7c2nl0My5zoPzmuI5iquucX042m66yfEj8EWXTtIKqVZPFfLXn8UkpDS8iXulo94+uYXo4po0TO5ILQnlB6T6ES331WNqEIvMokDQr7RyWh5vr9/+Xgq/hTDg0vPz3Q+YNPv3ZobINGJOgjxY7Cyz72rIeQEpedyvpCCVPjLPC0fRZb3sWxSEid6OFeBJPi0MG3rbtMlTQEOJOA1jAJCvtPJaHu+v4hER5YbHCPPay91PrzENtPbS/N2MTfZpt9J14E4Rt281k32UHguVbMRSE8qLwEuhLOQnPiYINHHUpCcdJhO9BGbjxE4Z5yyX2DP3P81NDc9332KQnf8nUTDc1ReefE7Ev0QaW4w3eYZxSPK4mdmpCC0paICnqjEBTdTiEJGgkXVPc0RqUmuoiPN6ciGaURXIvBaMgLnMwqc59z1P9qe795DomOPHm9sbSHp+LF1GbxjTTuiSZHGiZ93j0FbouPgvVBNQCdEtZJ7miMSSc6iT6YgPZpMKrr9JQQF50XE5/iXyJc6GX8ZmpuezyDR8ddQ97doplfok/fnSHMMmjRO+CJdikM7QmXwHpBiceiUyIgEnIzsMhGZ4il6JgWZqGTIRc+IjOPyzj+DOzoZVjk3mEaiY+8kLmE3rfOkUWuDNMfZon9CWQeCGIO25MB7IBaEPEgkmT8UH2TFXyIQXfjL1TmJVHSQYo/j2KO4GO+xOH2/5fnmfbS7hj2HSjuOSj8K20SWY6BHlF/oBIhdpNsXjaAMXCfjgZyIxAALagA6wJfhI3o4BR2QUEhFn2KO49ijuKjMe4muW55vbm7+jEQ3NTd5WMfePeQKEn17ugf7NQPKnfvvgRAmoC2TwG1KlJbxb0jKDvuJyCQH0aWREHREPEkouhwVFsdpzjdsvyQWfdfyfPspEr0lucEiNnbOl5Nam16iP2NYMHwKhKBBO9LAbWIRyJWsDOiQNOiYUceilxLQKb4MmeigICKOs/8VEua+RP/N8tzgHhK9rfmDh6fUly/Tj7yfTneDhmAbOjlACD7b6LoE3EXNQt54VECDnIYcKDoUPVmBzolkyEQPw2uJqkKiuATgvkT/r1XPt3c7RH9oiv7gGYNwtL37znQ3p/T7a4JOsGX6VCZ3yQQhfxISIEdNQC7EHIke9kEeRMeJRAc2mUhMSBSXB9yX6H/ubpqebz+7FL1l+YOlpTr3zh1xYrtIZxH9ByCAnG0SJwFXqYagCNISIEVJQT6Eqg5En4hCPgRLRKLnbfohEVGcT+a/RP/T0nz7oImL/sDUfGmRf+aOeGG7SKdfMghapFcG6VE0JQKFUAAI0R0zIpJllmeS38cQ99iJThLHhQEzGoeE9AdK0Q8OTu/hZ1oMzw2wwsqdN2Siv9HJAfwJQyhigcbeX4ghz/7EJDusoudD0A28ZJ97QUAUlwTEfK0T8pdVzw8OpjHRrXK+uIhlYvxBLjd5if4R4I53sN4zFlXSo0lAgBqHBIgWPcPsObvoSZuPTuYexfkBOZ8Qi25pflBfvxR96YJFgz1sO5s7Z3ZpHMPgrZCRmZTdMpMscv8gSrpHAn2R/JAA0aKXfNAdvGSH3GCMexQ3BsjRyUW3PK+vYaJbms/ObmPnwrnzttZif7qbJ/QzsCIun0hCG7KAiA+ipMMil18y4kWXPdAlvIRz0B7uUZzE8YkWxEnL8/o8JrqpuQHjgRbKs6oH093U6UUXMRs3CqHjqagPo6RHFNJOUzwexgdtBYou+bjHcRqPy+o+00nZtTx/8mTxUnRTc4MFLPvmz2u7NO6ApZe4A3gTgAiiX7ziUaKQHSeBQ4aglxAvehG6hpc0rClwjuJKPN9iQmwbmpvPJ/54eRx90bR8dmGeKXTnErszLRo+B7xJ0e5JiccLxRBKEj4xKR4P48EDkaKXeMdxeS5T1d/p5KJbnh/+cim66bnBupATLQhM9K4TbOjG5991CgBnpNBAHWchKelxf1bzTo1NjCvKeKaan8olSCtxlqDRJCOYSAc0b66Q9cf5ii5RfL2Q8UkUchd3Xyd8HEQHaS5xHMG0XRVQ8KlOLHq99XziU0x0U/P5+VORu2u46I8tMN13ay3+0YlB+2uu7KJHZECH+JKe0ibVHnaEpwJRiGDbRMiQ6pUulhW8EZgYDUQZRWdv3H2BqYwMLlGqRX/IoehVvnFcmM+0pU5Mo/V84k/3ED8umJ67LfqG8ceR6Pyn3fMDdW7N9pL5eGFMsfk7oxXqn2wcyUNkuT+mgm6kyWyEi+hJoi8TDZR7uaJMJRyJLgW5xnEal2nLj3RiGu131TDRTctx0c90ERxi98aZOBb9W8CXHOTUrwku6b5i3wBHwq6Yo68loySa21xCpxajHET3kxTzERlcRzJAJTp5O6Hxi+JCCudnVJHo7WdS7yEemp7Pzc25J7p1u/u6U9HvAkYYfrKSgAKhJT0VkwAJoyFoz6SDqD9U6BPmeSNORR8jqOZFGdgxnmUXXQlxjONifIYzPtOJabTfW7qHeGBqbtAUK3oDzcCuWzgWHe2viT+LHgUuYldb0mVASrgCbUmzb16n+nevit+Z6HKwf56ogn5MVFhFB1ny9o49iisDGr7RiWmY5fyq6HNuiH6Gi7568WcDS91ZRP8acEWBcCCe9r2+pEcK4xyvrYhIlDNcCE0maikiTkQf6VvO81zvu/NS7O15eEVxFUDFlzoxDctzXPQlS/P795HoJ7oI0In049UWGw63174CXCkP3i56Z0n3UGiOj6tTlpNCP8NIy1A4zi66FOz3t5KkEWuERXT715nCnKK4EUDFtzoxDctzXPRFS3PhoqNh9xk+onM/kR4boLtlOlB96MpiSpSKbWFmmq/3hTnfW+FhWaEnVEDKRJRN9FFecZwcZRxEZh+MQwtlXHRL85WVY7Gin6Pja49aOBX9E8AKdbM4AWgQUdKDTN/CeNRu2oZlFi9IE0uqHlbR+/xFvwzIyUSZRFcjZHEcewUJAATxtRPsos9ammOiv9VFgER/1hZ9nVF0BECInjZVwPtE9sGsApiYhDaU6N+SDZYoX4tlEz3D4zYsxLiPRXQQ4BTHeXiVj7s6gkH0BUvz5WXBor+rtThaG0zRtcEM3S+YigESaEtjlfrpuUgY0KEEmUTP2of+Mm38EmIRPcMnjgtzew/ijo5gEX3F8nxZcOv+T63F3lqLARO9YNfkfrBUKYfj4hwuocIJRxhETxJckEPFCIvoIMUljitwCX7QRVLMos+blosX/QVv0XkPu2cHc3cNwb+kp2l7Zo3jYDHCQ5sTVAE9WRbRYzw+CTnK7c3G/7k7d96mYiiOn/toyLNJG5KGhkcehIJ4CJhYEOIz3KvuSIAoUKjK0A/ABDtbYYK1QmJgBqkLOwOqAAELCJWBDYkBp7mVGMDYf/tYvvxER8Sj/cX238fnnEkFsOhXM8/XnIl+K+OOX6JPSTJeyi8jyYFbU7F2RAAFfdEDk7FSWP1NKHcUj+PqwJWt7PEaLvpE8zVnoj/3VPTAwyctFogkmXNDb8bkAHxpqyt6L5EQNwihC4hOMxYOMYG9lkWnUgEs+o2J5g5Fv51hLPpRgtE7nRYox8xJKvg1FMP/F6Z1Ra/LYwKMKUD0svkmr2zxOJhmYKLfFpq7Ff1Gxh9Ef5mqY1v02KdOzxaZ1eiDtyDLwKqEEbU1RZ9LGE5R/ZK+6CS5HewbRnF1cryiTzxfXVt1JfpjT0WvyI6FOaasEWvNsQyqGemJXqyw9OicAUTfb/rhX6wBh3yeM/qtiear7kS/mrFqJrrtM7r0pyDPxJJtsLpilSrBHNYSfZSwxKItQPQoNozj6sDnBFPqPvZc4E70Rzvv38WXZ6LX/tMVXXI6ndVQ7CBXH+1AZ+ntEs6cvug0bxgWBMBFPNM9utDcuegC/0Tf4+njNcYCgVDjcq1MOMWajugB00DbISB6y2xzUQZ+M1dlXKb5nTuuRL98LcNYdLJK268pLfaYUT5n7uMqJZjREb3CNdC2CZzOpoziuIPAdoCr1n2iueCyK9GvTBrJ+ya6JGGdojwTKl+YNbke6g40RG+xdfSaB0TvmsRxjRowEp3r9VrmuWvRBZ6J/p9WxslOyHPqje1bbFU7gXpQcJiMGACiG8VxC0Dow/Ue/UGmuUPRr2esGYp+jACgcug25Zn9qh9gZUAx+w8JptnqGaIacLESGsRxbeRjU95hBhddKO5W9Bc3M0xFP05WOSgrCs8zXcmrPODWGKKuLnpBofkVyD5A9F4J3uh1FI6CWM84XHTRsNGh6Ms3lwWmop8hAOgEV4rIY6Jqqyzj70tkrLx4HSEzehLRlUP3UpHv4yZEbuX64NLRJYisCywuurDcpejLK8vi1++iPwREB7vAYqM7++Qbxc7CeNBYcDiuJDCx8oLXIkNqyqJX+NoCdBDRh+g+p1GBJvPK+7rDom8IzR2LvpJhKvoJAsCqOrrkEdXhdKEpyc1g0QOF1tAogaroVcZHhA1E9Ojw3+O4CIriQsI4mgpg0SeWiwlJzkRfWloSmi+t3DIU/SxZZX8eamCjYSEr7GEQvcmYRhZURW9xFijGyHf4EBjHteGR6PLZa7joQnOXoq8L08dfpqKfI6uUE+8rZlphZjmP6DHjO91pVdHLClrBTCGiV7E4rmN/Y5IKcNHv7Xh+15nor9YzTEU/SVYplvxuGles700EjKLXAA3M29EGypfdHcablRAL6/vAnzUilONpiot+bwcxyNit6Bt/FP1dqsEBskszgfNeforzQkNe0SPOARYDVdFHnJHoPCT6ADlNNCr26/XPpyks+vpEc8EjV6JvjFnf2LhtKDpZZh/8DJqfTjNhIFaNquqMB6NAuea0x3izEgJLgDRAX5DX68Olcbjodydccim6wFj0U2SZQ96mccWZJINT9B7nrUNLVfS6Qos7mFnsGzwL5AZt6Uh09H4NF31p1/PciX6CLDNKPC2CHTQTHmLVMaojxlm1gXIFLBlTx0RvVLTjuA5HrnsgNRT9ksC96DfMRL9AluklLO+mGA6WPKJ3OGfPFVVFDznn5XQx0emg9g9GgaWMN8VFXxlb7lb0BxmGop8m29S8nKcKbNsx0cucojckoiseoCqctRIhWlI3r7cHaJIJx1JY9OVLeRX9KNlmb+Lhk/RDCR+xaqnKiHG7FCifhyPWrbuUQDOOmwVGogPNpGSib+3wbZdnH3Z5spXx/j4HX7YyXnzPeP1hl6dbAl3RDxAAvHaWGsQAEB/xiV7lLFXpexHGTaOi1zWDyjbcYtO89cT97bcfF/3m58ev91NVCAEfE1YnAIa/Ep/oRc5/fMeL67UQFb1Y04rjOliJoflD1TeftzcX88Hm9uc3qQLHyTqNkm+5+6iUcBKrNryeJlOGqqIP/SuYGTOjFccVkHoM89j9x/Zirtjc/pT+k4sEgY/tGZJzGnECwFACO8+YdwfkLvsvwKL3deK4RgVfLfA07s3Xxdyx+fWfq/pJss9C4lccBwXuuOh7GKdMhqqi9zkPEIFEdDipjSPlYOUXdef2G0UVx/HZnb2yly5sL7QVWrelKFFRn4yJMT7wF5wHug273bR/gcnSILWRmlqIkLSSSIp9Eh5QqzFqTLR4IbE1GgEVCKAJLyVpSIxvPHB58XvOmTndXWbPztmes8HPzs6siWkU+tnfZc75zW5rkzwj0fz/krPXqH7HVIkubw2bmGyu+3Fhrd+mmtW5vlguer/eeVbatu08odCOy0oeiW6oSL//uPff6nPrtqESXf6N/xg9UzXsS9b2yNaevm1t9dmqMHjC2CytTr+iZwzmVP2kedHtkO//ru2yB4GYKdLf/X+Gc87afYnor1om6CMS4h1WS9lFGhBvT+eSSuWxXPSIuT6YnfAnOgiZm9E50LTooMd3Oy4iyQnNFOl3vHLi1XXKZw4faAQ/DafmWF1VS9+fskzQQWR0Wa3EzhIpgTYmuUbR+wzdSJdX3gH/y5aSRm6jy0VXH32TTEj+T40U6Y904dbvnltZOXfunXfefvutt95888tPP3njjddffz1/gJHHQS/5A8Vi/kB+pIhLvkgZoUcB50KhMDJeGKcXfBgfL4Dx8f37ceBNGabvYRwl5wM+lUqj9BhlB7uAsbFRvCjlmZmJxYkjR26sPyL7Py0t0YFcriGrhQwQGdkhC+gVfchc2ZL2L/pWc1834eZFB2Gf7bhtJpdiPN/Y89W7K5RzoFp0WO0AyWG4cyrmizhG8tRyUAS4UNFHACTHgX/aD9ELsJxeXd1ht2M7Dir6MJV7mAuONz5wy3Eqw/OZRSr68bm5m+s1pteL6S9YZggSGdGYpYDJlnufbWkWXR6zQrYxxQL+b31ENM4QUhd9yGc7Lit5souJIv1OjebLy8vw3COi5ytEdwJ7kQZ1KvoItx2eQ/ECPeNC/R6B547sBcjuBHUWz/ECpRJ1HZrjE1wHsJudx3g8L+FEbYfo88zzI3NzpxdO16heZ6XcXks/IsV8PJ6fHJUU5whtBkS3E6Ymb2Ti/kXPmfq6gambEt2O+mrH5WQ3DQwU6fer8uC7S8tgZblK9E9F6i4y97wjeh5Ad+46TC8y1YsFFtMd11k4L1DdqeZC9o30HWcAt2lEB7hA7xLshun8BVhEn5g4cvz43OnTZxZOVKu+eruFJTroIjLiCu0Uc7Mq4wOWAdFBp0QEjYrJRU8aG/SzczOig6CvdlxEd0NTPk7qr7VKW1aWILpXRP/ETd3zwnMKP0Nzajm/jFAK8J2V5/QTBIfkOBd4zo7X8DAN6q7g7MzgCTzVfEyU6G6RPlOen5+fgOlI3c9Q06erTF/7q3UlOthOpARsq0UENUinKnrE1HjMbt+ig5ChO+l2aJOi98d9pHrJhMKaeA2Pa7lV6fny0obo5x6J6KJGzzsH68ZxivTNGMEbpjvQD5DcCedI3jlOFHerdHouiSIdpg/zEl2Ec8BTd+TuXPSFhYXp6YeVpv9ruESXNH013Ao1cOM5a5sSvc/ACmC5ISCg8DeQyujao6ouOujyUVSkDXUSBTU30Ct77UsHl4Tpkq47d53Hc569j7hNd56803ehyOI5Yz+ERwuOHW7Ozv3mId3pycFvHs2Z7hxen7NLGe04iD5BU3d4fuLE9OHD1ytN97id/rxljAEiZ7ell5jy2o5dlinRc4ZWAPcQFdGDhuZ/dG5a9AEf7bis7v6C/AbbWkU8r/FciF7djWPR24nkOCOoA9Z+g+DUcByI4k4gBxAbn5w2uyjMcSrh7SbvaMpxqOfA7btTzV1myqwbh5COxJ2KXmP6LYXM3WQoFQWyTtLZpOLvVMo2JrqdMvL8uVhKKrpK9TRoaxw4rV4ODTb8HswZ7+M+W6fjDs8herXp+76+8s2pyWNgknJy9iTnPcEpzoeMH3744RvK94wLFy58y/iKcf78+a8ZP4MfwW/g0qVLv4KfwC/g4sWLf4KrV69eu3bt8uXLN2/eXJyfKfOYXobn8zSizyF1X0CNDtEPHXoo67w/Y5kDXshJdVj6QDrZmVRbWr3TMiQ6iBgpWnYTJdHtkJGn4HVpED3dsB0XMT908GnvgL58EAjPwb0rs+8fe59ZTj2fBTWen3LglsNzLrqjORCan6dUaA6o5sDRXHguNAc3J6jmZUR16jlMX2QRnYp+ZmGai35oXRLSn7UMYg8SOdmM1rkSMF3pV2rIoOhPmLjjkAkpiC6VBQzG9JVk6qIn4w1+QDJhfu/ji54B/e5RJrow/d7n74NjnEkwO1mr+Xs10VzEc655ZTQX4bxWc1CjeWU4n+fhHPASnTXdkbmz22sw/TBMP1w/pD9tGaWNyIGZeudKdGZUytothkSX/yKDdjObbQNqOVVQ44Ji9R8badCOS7fgebxPebbcDx6t9HzpO9fySRxAhPP3TtYm7SJrZ55vRHNJOGdZO6jUHHhl7W7jfRSizy8CJvocRKee05D+sG7j/UXLKHaUNGCwQ0+RkCCcQEbhNyqpb/lpSO2ewxM6FwQIAmqTfhIdRmZsBjdd6PeabsUJnhP30CsDOhedm37vJDTHi4kOy5npwnOf4RzUy9qBR9YORNbONHerc96SK6MZx3txaMahG4fUfZqZvrrRZ1BYLWO+SgchSVhVFdDb9LBkx6i2UiSk5kMoaaljBxRFB+3atxZ1JHSIDjql7bhcS570s/fRzH31qBAdnj84Bs+F5pV5u4jmXppzy+tV5z/LmnDcc6+sHYdzQkTnqfscv7027UT0qYd1cvfnLNN0kUakcpvOG5DRSkzv1DbdfEhiruIS4LBtYEpOQJ6DaHl4WayTaBJ9m7Qd1617rqV8vfu/GwH9bIXoL7uaC8tn3XjuUttr927CAa9wLjT3qs655rwJVxqr2rxWZktgj2PBDIp0nrpz0+vsYttrmSaZIo1ItFmbItZVUwDH/K50j+lbARRSXS/U00y7UV10tLT0Tu+LEF2iZxKSH5GMt2aD8wuOCRs573KF6A94F054LjSvtRxHTdour84lTTjvcM5fgJ7KYzMzNffREdOh+dTURuN9TW2gu/l+HOhK6nw6Kkz3mSJ26FvTG1IuW3pVC/SEuuhgp94bnNuIJtHBTkk7Lq2wxknDXtV3qzJ3t+t+b5IV50L0iptqOERxLsK5sFxU5z7COZDfOnf1xrmi647ba7REn6M1+gka0rnoFatmbpta/qoeBgWhpjupdl+cELnp7ZpmodqdUtFVby4m1KLpk1HSkID6JsJsv1pWEdclury32JuVPBJdK7Ul+trZjYj+kRvPRbd9lnfhuOcQ3bMHByTRXF6dc81FOJ/Zg3C+MXeCV+q8Rl+kRTrbvSZ6cTD9kGeR/rxlHtG8kRPJNPfDvS0Ox3y1Cfr0bbAPqUe/+JBKPA8RNdEFYY23PdqID4Ia5gpGNXYV5LxaM3Bi5ayI6C/z4px320XaXu+eGjxniJVwnp6rN+FKYAyiAxHXy/NlnrkjpJ8R99FZSN+oQe5oaMUZeORZtM1Wr86DCR+9roieJ0lsiauKnkkRoGUv/PYUaVb0ASIn+qTCzQ29orcRVeJJSzM7akRfFhH94KwbzMUqmQ+//unitevXL1/+3Q83pOy5scebsT3UaLjNX8xsnJ0r+8gWzLgRfeHMCaftPgXWPUR/yTKMSHl9Maiour07JOtqK48ilJPMEjXRQU9DJ2yfRiSIsuiCRn/8KZ91U2wr0Sx6LEUU6ba082J10/2giOh/c8+d8hyen9on9qNX714Dzl50dgJ8/xqfPIGj4GxvwQsb0ukngP0tYo6UM2qGb18rYciMO10GB4fGc/5296k6t9eQuzs1OqgU/R8zq+LkbST9qtu9cvO6bFFX6tiUnQkQddH74w3V7LAak+wm/gg0GTd3xvz8LWaJP4IGH6uRs7Szo3pd3FFH9KWDzg4WHPyu2vl3vGbGifkTxQNsXJwzHRKK40RHTlDVceYjImE49MbVHRc3DMnH3ZFxuHBK/FyC8DCcR3d6heZiaNwEHyWF1F3cR58CDzfWxrU4oIMh4pfBtL8g2x+MEuDL9A4Nc1Zi7UROqMlf5MRuu+Hq3ijZlOh2Y0OzOYWmp0bRnyRqZC0DvFK1o+Wsm7o/qLh7Dj7a5zEc0jnnmefUd+DMm2DgI87jMJ07zthPP/BYzi84sAOdms5OdJcq3qNsjBSOEhWdwne0AGf32hHsXmPNONf0qaq2+61WB3SQJv4JpPsbWberK+4nzXMVkiSInba/vD1MFERXe+JbVl6p59oV/uiUF5sKwlukmrdFCdEuOmgnSqQtA+yoFH1ViH6lwnOwz3vwhKM3U74Iyembj5FCFGchHRRHxtk4KQomUHDR+TwpMe7Z+cB0h+9489kT7I0XE54juu50BexxRHSxYMZT9L1WC9lJiJLruUzdIJAOJwhQML1d/u80ZnuUKIiu/Kzmzl67nmC5sNKfW9OLXEBX3ewm1jZIFAgae5Z1ImmZ4Jkq0d0a/QvqudiT+rfnhBmetfOLKNHZIeI6B5rjGHGnT/CDX3hxDty5cXwQ7Ojw8CgubOQz78OJSVKjZSE6Xxm3IBXdaiV2mCgy2N23q79KgMz2tp4ub+XkJXhfwwxfTjpOlERXD1mpyIDt8f2yNUqUCDS1PFEw2OMR1u2h7gRRIqhh+FxLn+S1w0v0e7Q8F/H84z885rrzd9654Ow+vgFdOFxY6g7cKp2Pk2KD3XkbriB0Z+NlgKs6S9zxGVcc9MRMx6kkVsC699ER0Z2Fcd6p+2tWS8lkSTMkQtlAuLs73N45GCKqpLb4eWhMuEGlkAsQH4Q2+3THUDjY27+h5kBfN7Vch+hgm/+v1/RAUljY0dsTThFVghpGY0k6Kgb4j71z+ZFviOJ4zfQ8untmzMOMGYwxT8QjEu9XRLzfr16Ymeg20X+BjSAWJMSCRFgIsbJDJMLa2los/SVi5XvOt+r07Xa7teq+3Rf1uX2rm9WP+DhVp6rOuS1H9D/8KRkeh3skt2Yc43mmjQOT7bQ9pOAU1oIVwWE5F+wv4RHDfQ1Y+Vyo5YovJSXAbTqu4yud4pC8vQbTub32Rn5Ev8pNli2IOlmWDocLqysbA4J6fX5IT0f9L5msHM9szlw6V2tEMRNx7y2HGv7viv+zmuJFir7VGJ7LXEFcl7NG/wOSE4j+PYrG5YhOxSl7C99AV+l0/RxgaNLxc67VtdizpOF8vefAKVWn6fj4qu4ywnQN6BhhPEUPLZlYS4qi50f0W9yk2VlqTJYrhynAREF2q/nTkF1oPqLo1ePGhKDo+ezUGhNjdvx9bsm1rihu+2tEv0eDOfgBov+cWwWWjnPq3pLfJvo5Rt+QSRo0NZW2DpD7XLfSX+pCqzzLYHtrhEGdI4/LKO+Fa6o8Gce5O+gWnQF94hytNCbJtcNd4SIre0drvbHmSi5O40Un9cn9Y89EFpsrXPTRt17ZEr0orvprRP8tRPQfPv30h99zRe9OyIGWEuo9M+0uU3jfrkUKuovuzMcxE0e4TlfPmXbHq8JL7p3T9mxZd0nGvadLdJ26s2Ycd9d6Rb/ZTYH6JGfvs/94/nzp5VevXnNYP9g52b32H69N5+KLbxQvOvc9JsVsdBGi6fUBuD1HdB/PfwBv5IoeMu6t0GER+KiuhjdlZO817dQC1X1sB01z3FqvYWBAtzk7Rl2i4y8gu7reaclE0xnRJaDnZd1vcFNh69LGpFjvTTsXzFzcbZjJiV4ZmKgoXvTR/+3UXXGsPfoX0X08V37J771miXci83fZQUdMx0DJYbjQ1G8Yr0fjziWgd07H+bm7+A4oO9wW3/FDZMeQab32ipyXYe81LNJRd+Lzz/sl425y02F5pjEZrs65WFMoc9FldooXnSz3D51TFX2/Nuw/XJE8kys6Nf8aovfvpmpL9ZZ+RHJsr6nw8rTw0nPZWNNFehMfvALjOTjVR6M5R7wYwSmbMl3oSVhrycSz7ryQzppxeaLf6KYCq8EUTP61sGrRq4a5uPJLBYgeceVgWqKTIU/yr7pCebonGfebWE7PP/maouf1R6fjQH60JKa3zjHSb4nkqriaDs+Zc5fRB3KL58oFl+dQXUSX5ug2iWcyrrNIp+jWkkk8zxH9Kjc1KoWvFfOr0J008ihedLI11mg6Hxn0rqmN8x94JkL0qM5d1hK9UO7ujejmOciL6BbJMehXiwFdwIiATs0puqK7a/4EbDPcamEeTgeG9FMOdBxw2n5hVSeyxSH9pZaP8g/M3OWmSPGz6MWD/P3scXDZYoToYP/SMS5LViNEp1Lji+lLO9ujim4cD5d0KZjHeyI603Amem4yjobTd0NE157Jus3GzugYLBMHyzlnp+iZFbrm2iG7hnP2SMcrlvsbLcFz4JNxEN3utPRG9BvcdDksdmd5ZrnfmZHRWTroW218YtmJPRcnOutXjO+QQpTo8VeeDlzBMB+XjejUvJ/otrlmeTlqzlScPhrQ8aV6I7LLMRlEd4nmortxyg/gOp0fdktnP1UcfbUKFCb6OxCdXZNpeq/o17lpwgoGxXFFxeWztdIYmVUXITqpzo9p3l6JE50czI0r2TlG0XnMYTCbrnCe6Y7o1JzkrNH/somembgzljOcK/jR5tnXNmRn9YlMRBfDfTzvnJURzyG4VZHiJ6jO/ugf4sAM1+g5Ef1xN30KC+rHO0WGs8tdlOikAjNGZ3PNRYpOto7Hk2+LEz3+dt2uK56nu0U307/5RkR/v1t0qyzjZ+8YefgVXuNbvvBybOJpY2AyThLvIHNzzWbu1iRd+qMDCeb43bW9ZmfdNev+MUL6R/ln3W91JaCgoL5eLXLiOl+NFJ1URk0T8FZttOhkebMxMhsuQvTIOtrWh6l4bn20e+r+Nfnms296IvqblnU/4+jPwFrdCX7hh7+Rfp6Zvrd96l18V8uRj6PoMoaoDrWB+I3h1Idz7qJTdLRes04tXvS3upJxz7pycDT+bd3Fw+KWqPQ8WnRyOOo/83rFRYtuXDJiSq52pYsSPb6RPttdFM8z2YhungMT/UdfM+4siG5z95Za/jIt5+wdhD22NjfR8QoQHC+DOgbhNHz5oC6+i+TysmAceaWrOCS215B114j+bjgZV6KJO1lbX2qMk9r6mvs76tETVxaLjxedrC00RqCGlfFoopODkRKDc4cuVvT4k/hbbiI83ono9wTNxfS+WXfuoAffZfLO2ftZULzpvyA7p+3IyPE6Ol8BER0ExfEQmO6vtUi9Z/U903tNAzpFz7um+uiaKw/LVyyNT/O9/aFMuzw62V11o4lOrpkbNf8QL7pRma3Fz2uWXYTo0d2ZyLybDJWnLaKb6OD7XNENlT0M53piRjXvVI4DUB2PLwLrN9IxglAWkuXi5BuKS7U4v0hXyzl15/ydEZ0VZpB2Z++1nlYtd7tSMTbVF7bckGzUGhGsMBkUL7qxvBD/f5qRRTd2IoP6Eu4EFiC62xulfdVYl+nZiP4N+ap/RNc4rq63OGpMt+upraZl49oa0YEZboVgRXFLx/nzrzpmq8BiNLhI9xGdnVrouVxTLdUCPav6yhhSVAcuh/hSEvlVmUcXnRxcHhPOr3FkdNHJSYzqm1uuGNHr00/FkWcsosNzH8+/R0TvV3jiLGyhd9eYASz2zAGfVlsCOg+4Szyn5oaP6RhZdiIYL11U4TpFN9m19xqz7l90Ck8wopdrgZ5VfXY01VfW6+6fcUJbh2Zxt+KGEL1A1RdRFHo40YtUfebIuUJEBzODd/Mmx5Mi+gcQ3TyH6QPW6Kq6Ko4Xo2biNN9u83fO21kA9qXQuaEZYjqB5Bx4nwWDfjERZ8fiaDvG96Tcs07dEdC7RS/bAj1DlSUeopi/shKxFNtYbAzNyiVVB6JFH131Of4JhhK9ONUvw5yiONFXB+Vf9t3kuOpJP3X/xjQfJDrfUEYq3GBjdRl9mi1O3AFLu0umHTS74nl4PLyeiudUX4Ex3V9TxdQd22u8vAbT2ajFi16+Bfrorh9fve/iqJxsDxnFrl1zbryik+Vrh9zQnmedqwJEB/XZ4+HW5guHjkSLHt+dadtNkls/CKLT9B7Rvw2iW90JPuq57Kbji/P2MEJ00MYXK0mx8gSED7G83TH9gkVl7I4qqz3rCViWjvOy86y7mK5T93cz5Z7LuEAfxfWl+UvqbhT2Zy/721DKVUEhooP9jb91/VL+r6wY0Un9ir9zvba5WnUuVvTRuzOduInyBEU3zQdFdJpu19j0ErroTsPxxTW6hHSekrFluriutnPOLh9oDjAAMZynZl7pzN/hu0e213hN1dd7huZe9HIu0LupXjM7VOH22ubsYcWNzvLuwlzfGfv2Rj3vEtxCPusuiv3V9c1+sWxxYTd/wnK40IfYtWx9Y+GyWr8Z+xUn+Su+jYU+xKXIDxoktyX6ZHlBRee0Hfz0/U85Z90t3d6VjzNaQARn3YlQ0/3cV5zgLVUtISemd9bnpjoMz5x+FdmtmarCCjOcun8kogMWh3y64v4dLB9e0v8/u9ql21esHlbd+Ng62lifX1xqGEvH83uXXHNQcRMD5dO3UeN5yf4Ei/PrGydbbqJU6qvr86jxXLM/hf6rXnYTYrlWQEv0WNNVdJhO0X/KE13lJrK11ikYp70bOtP2JgvM+Lpxbas74Qu7A1/n2UaAgZFcu7XQ7wv1HC+z7uyPrhH9o+w11YdKmojrQ6V+dOXqJVesL2xvXraIKuPbC3tXzG4cbRWmX6W6vFWvby2vVdzUqOCPcLCPP8FUqe4f4N9DteImy9URLdEL40mIbp6DfttrtlLP2A6/MdjMvXMlnXP3l84tlENzQt/l7RSQkgew0aL4bWl3u9TSfdadoj9SiqssiUQfKseFtESPN/2e74PnYMAanbK3rMCM1XWXNxycOQc6bdd0HGlmRA+hnKt0loHVn8y9K6www0FqxtntNZR7BhrSk+eJknNUTEv0+E22e6g5yV5qsak7scYNbL4GKHu2rrvAGlJEjsvAeGL9FfHx9dw1oIPuenGh8gQ817bJnLqzlFQQvcQba4kE2C6mJXq86ff4PJzwa+4anak4M505OBZ75ipdR994DZr7+pAYGdVtf01DOr51EMs5cpWOFTro9GXqnHXngRkV/V0/dX/CJRJlph7REr1YrnsKnlPzX/uKTtc7u2tAZ/ECs3AI6RSd91Q1FcdDsO3QfY2OK3BcRj6Kr+puCfcQ0jNT906FmYddIlFqtgtriR5vOjXPFx1CexjTeRm9b113gFgOzQV8+6OwCmtPWO8GwnwcXlP9gudgs1l3nnXXSy0fSaeWO10iUWp2IlqiF84dT1Fz0L1GN9EZyK2wu8byv9Z1b7EbUzjwzpNxvI7e7qkDaw0WX7Hb6NYiPVSB1eE9W6Mj646NdEzdk+eJ0jNfaEv0+Nm7iT6wbTI/mWYtkJ3Lcx/LITZ054EZao6PDkD8tjqwtqcGzfUBGHnQXQYG9FdR113LPcPzL9ioJXmeKD2HRbdEjzf9V2XgfXTO3c10bqBjkLHZ1JfnZZh3DxdVYXoXzMSp7IPrunPmLh0ceNQdJ2bgeVqfJ0rPZlwfpuK56jnR/Lff+mbd5cOvll+o59Z1Pyc6a2+eq+VwHiMFt7m70FvX/ZVsXfcLzcdpWXeJ6GzJhJD+Vsq3J0pP/z30uaqbJjT9t19/y4vo2VQ7LcegmrORKkZEc3xJ+r1ttaRY/bXtv+C3JOIyovObvRVDHdiwiW7VnlkcMpOMS/vnidJTuaz44q/xpj+PgJ4vOuF1lpYl5fyddKbbNaxb0p2tGzDgxSAR3Rqv8b1gFOfAbDtHKn7BSTzQiA7P2U31oXQeLjFllvcq7m9YKEfFiX48/1fR3+yUe85uprf8SVjA7XNGc8A1OqHkPhXXtK7J2TqwLPZMz1/FL8ithBMzPBlnt9eS54mps85eeAOYbTRKdcz9L7yYG9HNcSousTz0VO1Ax2XkA3glPXunpd1x3dJx/poqHk26q+GM7Aqn7t705Hli6uwv4T553Q1gt9Eo1zH3HNMHTd0pewuyt+weeoucsS4kH7FbikmFzDsVt+7oNJ2I6LBbbRfHZQzBnKYzorOb6n1Vl0hMmb0GWFqtuH7sLDVKureW4bqHBpZ7BvqL8ZzGazg/E+dDEk5eDeXsj463SdlDMo6PLNQ1DcdjcTRdJafobNQiFWYoeto+T0yfrZpX9sTlU0eFn7LurWWo3tfvCGynvyIG1oyzis/WkgmPfqC6PtBbHzn72vSS2yqdvZLx8rKqXmbBxxef6DRZfP1LnIx7KKXbEyVgrxHYrOfl26+uNfqzWKY56b1e9O+y++hmuzxqO3XXfXRWgJWR9Z55KA5fzME1w7Rd3zYG20jHI+tzXmBjyh0/guTyJRFdknFp2p4oAxrQTfVr93s0371s6p2Sh+fuh/IjOt4WTbepu1qOoI6Xd9f08hplt8oTL/Hba07H1XVTXVxnMk4dx0cH9RyFJzBzT9P2RCno3TjbvKS+5sjayRWLjYHMuHJRvS+nlJQVheTILXS/Pm/KAl132VgDlk1VdYWOj26uWUS3qTsfrs45defmOX6o6Jn+6GnanigHB3kT86XjzcvnZ44bpPwp9wx39opuVWDFb6be9WEuLvRNxqeptHlshp1a2py+h80167LIVTpefqnjprv1R8elljRtT5SEIbrRlH0PvXf6ntupxaTHLwZ0noK1fFz3NrpWe9bT7qciuhWMU6+pt2biCPwmMNwOzED0NG1PlISDxgjUtlwJqdz5dvcaXb/1t15OxRCW6KBlZ+MAd9DxHSrA6oC0exueA4yctOObxgO9vmamM54r96VDMomyMExAL/Ep93xuva+nrjtvqLKhgyXdz5l3xw+M3FgLzVp4WqYpj52L40eGi9A42epNiOf6BtfBY+lOaqI01BsjMFfeNgQPP0bRuxukS2kZxnMA10V1wL4NwLo4qOpNoJZLWGdAt0KwvmMLHc8eg7WAfvu/pRdL4v/AEF0sS9Nu7R9Rvf3NzBqdgyXeobs+UBxy2zY6/W437eGdlqB4Wx33eTjznOgxmXA2Dtyfku2JErHzX5y4e+6+30d0s139FmB2aLIoM/YWgObivN1o4aenazI+wPqvQXO+kFz+Dhzn57F7XSJRIkYJ6Juln5ve+4BpzkDOJg5WeEJehnJupLckD4dXP5qMk1djuSlvDdIRxmUE6jlexnQ8t6c9tUSpGCWgz5XhGvrfUL3zAdtV4865yE7T8YrqQtNXk9IvfOTVHXTJxzHtzmhuYCv9Fbu/BpiRYx7u9pRrT5SM+UY8R+7fQOXeB85C42R5iUhul9LPhWA5gN4c9V6LWN61Uuci3fbW+C3FX4VXr0+aJ0rHYSOeWfcvoXLvgy+fmencWiNqN0VHUOfems7dgUhOz/GY5RjCYRkdwrydh+JeTZonSslmI5p19+8BqrMArNjuR4byM33OO6dlhJcY1FlJqsv0tibieACW91r4+JpxSfNEKTn4H8Rzz8M+qp9lV+gs744vX/Q5C4+6+2k7XiJ2c8h0Y4LoMlx/Z0rBJcrJNSuNODbcv44nbn+NG+msDxkkF8ebDO/NcGBGxJavpu+uCFR3v8Fm3VqoO+P5/fcmzROlZeuyRgS1ct1BH5bqvfefESsDq55Tc7vUYkdm8PGKn2aur6nmVvD5Fa098didac6eKDXVvcY/ZuUa92/l1jsfFMu95xh0fX6mBd1puT8ogxduE67Rqbq1U7V2LViZp0NwifKzuvRPb6b+2d7ZrDYMw3A8tKPrRjZI2UcpIRD2Ueg1GFNsjDGB0vMuOY2Bn2DHvf0UWzFjsC3s0trVL4mdB4iQZEX6R1A//4Ut02EOLDp0r49u4cEhM0E52Q5l9A6ecCaHONU11R79b0ME0VPPLl7Gcx6vOx+Ytsx46TVYYHVZOvau9ZsNoskuW+9xa2e9lQd/rqWgkJ2Ih9titFcvEjlyagTTr4AfJxW6WqwL4oHe0MMcqa+F9Dc8h9soThE7ERv55GpMcl7VWUI0Qmqsobsw3rt1uO3gzL14shda7IKMgzNyCtiJKJlf/3UAf7c+3u7zf7MVTIG1Y3YO+PY1uPyOwsmhzrYxku/JyImYycvZjyNfH6tllixzMHdp3l1+jhbuXrx9Y9S+U0zsKSUn0qBe3599Hwh7s3rOsxOgaQXnjEmpjNHafuidUUoyxrloKVQnkmOaXz6Ui1VVTBbl07I+3Cf+CRWg2ejcJux2AAAAAElFTkSuQmCC"
+    },
+    {
+        "name": "cs-haproxy-bouncer",
+        "author": "hellracer",
+        "logo": "iVBORw0KGgoAAAANSUhEUgAAAQQAAAEECAYAAADOCEoKAAAgAElEQVR4Xuy9B7gdVbk+/q3ps3svp9ecdBICCYQSepWOFEFQBMRyvV6xK1dFUFSwYgEUsYCgoILSa6gJIYXkkHr62efs3veePrP+z9pJMGDKSaLe358z6+F5eHL2mpm13rXmnW99FYHdbARsBGwEdiCAbCRsBGwEbAR2ImATgr0XbARsBN5GwCYEezPYCNgI2IRg7wEbARuBf0bAlhDsXWEjYCNgSwj2HrARsBGwJQR7D9gI2AjsBQH7yGBvDxsBGwH7yGDvARsBGwH7yGDvARsBGwH7yGDvARsBG4GpIGDrEKaCkt3HRmCaIGATwjRZaHuaNgJTQcAmhKmgZPexEZgmCNiEME0W2p6mjcBUELAJYSoo2X1sBKYJAjYhTJOFtqdpIzAVBGxCmApKdh8bgWmCgE0I02Sh7WnaCEwFAZsQpoKS3cdGYJogYBPCNFloe5o2AlNBwCaEqaBk97ERmCYI2IQwTRbanqaNwFQQsAlhKijZfWwEpgkCNiFMk4W2p2kjMBUEbEKYCkp2HxuBaYKATQjTZKHtadoITAUBmxCmgpLdx0ZgmiBgE8I0WWh7mjYCU0HAJoSpoGT3sRGYJgjYhDBNFtqepo3AVBCwCWEqKNl9bASmCQI2IUyThbanaSMwFQRsQpgKSnYfG4FpgoBNCNNkoe1p2ghMBQGbEKaCkt3HRmCaIGATwjRZaHuaNgJTQcAmhKmgZPexEZgmCNiEME0W2p6mjcBUELAJYSoo2X1sBKYJAjYhTJOFJtMcKeHOjAJdtKVotKmpC1q9r+9p+mNZ3JQylVkcpqssh2tzgvzGaQTVtJ2qTQjvgaXHGCOEEN45lW0Y870Iqe+e2l0rJn/zyqh8gWBqxZlN3IufPq77sj1N/4FVyVuWD+Y+RFG0FXPpq796xiFnTQWqd49lKtfYff7fQcAmhP931uKARjKcycQk8MUdplnUKZWaEfUNbduG+d7efyaE214ce/zVrHia2zSgO2K8eMNxrcv29NBfr8r+8pmR6kcABOj2Sq/eeErPUbvrOzw8LOiUowlYH2+y2KQtxeiNeMcQQsYBTci+6P8UAZsQ/k/hP/iHP/LG+C2rJuTLgMJa3EGv/9gJ3RchhPTd3fn3K4e/8/jm6uc9FEr1tDlXXr+s69w9jeAPrye+9fiW9GdMi+fnNVN/+cKJsy7YVQrZ9boHXxm8bXVWuxAhmprpo59a1hH8bHu7r3jws7Pv8J9GwCaE/zTi/+Ln/WpF6snHhwqnAMPCTA81+tE53KzW1lZ5d4/pTxQPWT1WvDzq829AlizMC8Cfm5qacu/um81m3YM5/cg874kWc7XZrRHupWUdgcd2d0/S93frC4+/lqWPohEFC7zq2ssOaz+rNeSY+BdP1b7dfwABmxD+AyD/Ox/x29dG739qpHQxpinodlAjHzm6+dA2r7cGACZCyNr12ePjWETeqqPF48ljjOlksuqX9Ex7T3vPatIvJ0nNxUwm2tPevn6nyJ9IVII8r2rhcLi667126grGMRYfem7jw2uycDJDI5jjMV48b0HXRV1RV/rfOW/73v8eBGxC+Pfg+i+561QUdE+uGP7SBoW5jBWYmkuu1k7pCVzp8bByoVCQOjs7lV0HkslkYpFIJLXr31LVakTPZjtUi3KBW1TCkchmL0KFdxLJuPhuqQNjTBHCGR8vB14Zm/jftOWeT1OUEbJK64/tnv2/TU1IejcI5BoAoAGgoQC19Qz/km3yL72JTQj/Ujj/dTd7aWP6g1uBu0jQjGKrYDxy7Mz4g+TuhCTIS5VOpwPRaLTQ39/fGwwGR+PxuDwyMuLN5EtHtXXPfAsxhhRNpcqot/dta8PExERrc3Pz+Lu/9FsGhs/K50qzujra/x6PB9969yyGhoaiXV1d//TFxxhz69dvmuvxiJMdHR3kd7R58+YeQRAyHR0dRKIg5g9rx5jh2U2Zj63JGR+nFFnjHUL59Hb3NT2t3oF/HWr2nQ4WAZsQDhbBf8P1qVQ18ud1Iw+sLlnHIQPD7BDz6nmHdlzQGXGlMpmMC2OHk6IQXa9no3XVYmfP6FyHENIKhYI3n682W5YR8HgcW2KxWH7nsWESY4c2mo52dMSGdw4ZY8xvGx5eEvR6h4PB4Pj4eHq+xVhGezz+Dp+D0dFRf3t7+zuUhBhjZtPg+Eyk68jrFQebmpoaEkEymQwXi8VWn883RlGUbFkWVuNxqxMh5YH16dsfHyx/QqtUIeyli1cd1nrGIS3BFf8GCO1bHiACNiEcIHD/zssqFRy8Z8XQ86+XzHmmxUG3IOfPmR+5NIQqLzEMg1paWtBkJr80MTl5Rntn208EgJJlWZamaUY0GtU3bdo018E4ZE/IMxkIBMpkrOl0OqpSLrot7Jwk/y6XcSBRSi+MOOjXd9UPZLPZeKVSaenu7l61c475fN5Tq9XonaRAJIORkVRTtl4J9zSFt/r9fnlkBCiXK8cyDEOnUrlDOI6XwmHfUA0AVctlntV14+kUvuu5ceMsygBo9ujFDx/afOKcZv/afyeW9r33DwGbEPYPr3977214G89lWpufXj/8yw0l9QgTeHFWkH3jiDbHDaJWknRJmkFzrlhFkhaG4rEXfR7PcgZrBZZVZZcrRpSJOJFIOFIF+Xhwx/TDvPoLEAhYWwYnDxHdwWRbhJ+sJBKOqqI4mnt6kgghc3dn/eHh4blut3s4FApJpRK4J4upGbM7Y+vHx3OBkq4EzUrJvWDB3NfItSMjI7woijTP86ymsbyGtcjE2OilTqdro6VqFRCMhJfii28p/LlvpqyrQLeYoNMYPK4j8JW+ruib/3ZQ7QdMGQGbEKYM1X+mI3H06ejosEaTte5J3ZxbLhVntwc9T4Y4s18QBN6yLM/IePoThUJxrt/v28QwVM7N02tpjsrzfKBgGJYWj/sm/75y6BsvDZQurzL+IEsjnaIYgUJYDUHxzfcf2fWx3rj7n3QF757h8HCy40+bKncmy2afgjk/bZk1kecoRSoL81qdfz/9+J5rWgDURCLBG4aBMcYzipXaIppiuUqttsAhiJPN8fhDPI8m/H6/kgCgqolsi1GzBJeXrzgoXy4WQ/X/DLL2U6aCgE0IU0Hp/6APUcQNJhLdplR2zpgxp58oEmu1mq9e16PjqeS1Lc2RBwWGGTFkI6xpZa5Qrh9i8qICFi7xnDC2LgNXP7gmex3n9IKl1kE3AGgawcIoeuLL588/fapTuu3JoQfXjpTPsHivaCgyEDMBTxt4SQv927Pmej+mKAqrKIpoWaxPFCkqFAo1jiQYY/fo6OT5TU3h52k3ndPLNFuMJ1PcAId6enoMIpmkUilnLBb7J0Igug0AICZT4u1I3LLfYT6d6tjtfvuPgE0I+4/ZQV1BXvS1g6nTkNtvSAYKNnn1FzpdrneYAne8UFQul4sV0ulmfySySTAEQaIkd7kmL9YMI9DZEv9zvV4HihJ9AGqVoijKEgRTqtXEWi4XXpMVPvnXrfrlrCEDZaoWEj2UgVjocSsrbr5o3pFTncT3Hh/90+rhwjkqJbIOGkDTdBAdHBwSMv9+ejd8UhTF9LvNm+Pj282UIyOTsyr12pJQk+t5xLilmMuVHx7uDyPkQp2dnSmimHy36ZHoTx7fPHBLyeK6TUtEx3cLX5kV9bw61fHa/Q4OAZsQDg6//b56aw0vuPepdfdlsLOvoNPURxdyHz2hr/XOXW9ESCOXy7kUzEVT2cycjkhTQ8GnqpIrm00c0tXV9ayu6yJN03XD4ByiVTMNntdqpumkVLVANP5/fGXghw/06/9NAQYeNJBMGixGgMPi9AtfPavr+KkO/LYnxv6ybqx4hg4cx2p1AIYD2TTh2JnBP/7XCa2X7viC704PwSSTSa6UV47yOfAWZyhUMwzDSBVqLSznVWa0+4Z2N4axEu6+8/nVj4+rfK9uOuHqQ+mPnjCr/R34THXsdr/9R8AmhP3H7KCu2FzAR/3k6W0vF0EAFqtwydzATafPDd6ww2mH3JuIyCYhhWJxyDM6Ki1esGDuc4VCwTmaLR8XdVtrkaOZ4nlsmrVaKRwO1xMJEKAFgE2nqWg0KiUAhOWvpe/525u5i4jXAjkqaKYFIk9Dp0d789rzDzmyFaHduje/e3Lfe3LLoxvG4YyqgsDHyaAZJpiYg2U9jns/dmrX5XsDg4j+k5OFSDqf7ls4b9byZBLYYm1kRgwZQ4GeHuIfYb077mJdWjn118u3PpTWeSfHUnDpAv8Np88I3XRQoNsXTxkBmxCmDNW/puOQgvv+8OK2Z8bKUguHTOnYsHD/SfObrtd13QiHw2q1WvXqui4UdLEF0aKeyYwdFgr61ul12VWW9e4j56R/XSx2OYgGL1CpaFmnkwHg4zTNyoFAOgfQYeRyUviZjcmfP7sxc5rChnisq6DrOlDIhJlBavCS42ZeMrPJ+ca+ZkT8Gn74au6NrRNqj26xILBagxBYxgFHdHmeOHue56r2kCO1p6AnjDFLnrFu09DJArLqbDAykUtl5jT7vW9JCDtnUOY21NQkEeKo1WrecrnsSyto4cYifVmyLM/UNZk6aUb8xiU9/t/ua6z27/8aBGxC+NfguF93WT1ePb9Qr88KBXxrQzy/rcUDI4nEYDuwAVExdFemCqe8Nli4rKKCU5NrlOhwIdPUwSmwpYuPCB3vZRhZVVWdKORIcJGiKIZhtOCdfgCGwYmTsnFcuqrPVauqi2WoMb8/vAVzNE8pddEB5bKHolKurtjWAEINP4V3t9HRyUWlqtZheN31eh2FKIbVy1K5OVcqz434ghva3MyrczpDK/chIbBDuWrns5tqd4yMp7p5pweXalVPIOirqoruPLLN+ZMzDm36RiKRnmtZKtfW1raWKBBTGDvTyfoxbhcz3OURtuwXuHbng0LAJoSDgu/ALibKtHQ63RqLxYbJV5SIzeRvtVrNP5atzlw9UvzyE/2l00zeB5SlA3AOMAwDAg4EXzwp1umk9Vw4HNaIyF0oFBzBYLBCRkIchgqFgsBxHF83TRfNsoqczzeLorjl3cFJk5OTbZl6fVl3LPak2+3O7JwJxljYujVxusMhTrS2ht6RUalUKvm3JZOn9cbjT3izWQl6erQ9SQc7xzM0kev49ary00NpuY2iAEzAoFoIwFThtA727yfODF7v9zvSOx2oMMZOhFC9XC4HZFlmYrHY22M7MLTtq/YHAZsQ9get3fRtiLupmscQDJ2iapQss2o0GlWJ9ny7D/8IXyh4OI3jeAwQAlXFplxmazW5KRSKDlu0KPB6vc66KKlex1VybHiyv/i1+1YkvqIiJ3BaAQzaCSa2oMnH5n5w8YymPeU7ePfwyPOfWrXxtzO7Y9/mdX2UYTw+mlbrfr+/RCSLuqb1JsYKVweD7mfCLZGVyURiSTlbOS4Uib0Y8HLreJ4vEA9IWZa1eDxulMtl53A2f8bC3u579we2mx7etmpzUj1MN1RgWRrqJgK/k4Nz+oRvn3NE55fJ0UTXqSDisAchRLOgliqVWqBe1wLxePx1coTieV43DEP3+5MywGyixCQBUnQikWBYliXWUNidCXN/xmn3BbAJ4SB3AdnMhmGIDMM0lHR+v1/KZrNBBXNOJAgUZVgKa9aKxKef5/mwZdFxWa60Gqrqcvj921jEImSqrEZRKtb1ZCQSGX78zcy3730t8XkZc+CiLVAwCRC0oD3qzX/33LZmtJv0aLubBlFUvrx26M6ZEc93eYovuOPuEiEqEm9ANJc07WY0rEUTY6nLc7nSEdFY8IlY3PuI14GTLpdVIzpKIsWQe5MYCoSc7lR+/Ji5fX0P788YvvKX4cFNGaODoVBDj6FiBCyy4MxexzNLm6zP8TxVYZ0sZ2BxhkAhjgZ1QjURkynUL2wNC3calMAAQlWRqpUxdmMF834LYxOpKtKj3hSfzdLEZbpcLqvvNoEe5PJOu8ttQjjIJSe+/zSts4bBEBEeVOBdW1OlT4zXzGMszit0O/D98+P07T6fr1ZKlVpURB+ST09eirHJCA5HQtc1r2EZtAoM5kF7IxQK3f96Et/44BuZ63TgwLAwYEQBjU1oiXjwZ05rbWsWYWJvovrOKWVL9cMmh4eOmr9g7s92aPRNkl4tFqt5XS5XPZutNMlI80yOTl5arSjzeI5NNTX5HvIEnP0cNk2KclY9Hk+VSCTDGAuOstpUKWbbvE7/5kjkn30n9kBKrm/+fWTdxgmpGyMElKUBpnDDwenM+c1PLwnLX7IslVF1tb2mU6cJDEW7aH1QA14czSsXzWsP3II4R7/IQIJIBYMl7eTVo7WPGxTn5JCWPbnXeYWX54uqqhqqqlo2IRzchrYJ4eDwA3KuJj4BgiDoCkWxVZXrfnL90D3rxqpdCueFOV5z8NTZvo8GjGKmpFinaoz78Gw6ucjnFCZ8geg6D6UOUqxDBpc7LWJ1o9frHXh0Q/4X9702/lHNpAGBBRxNAWVI4Hdx8Mnjmk7taY2sQAg19AZ7ayNp6chcvTKnNyj+GeMSliRWdblcomRJHtZkjVqt1DeeLp0bCPoeawmHV1ZkuSUxlr7G5/aPtbUF75NlGQKBCrFcEBEdZbNZzjRNUZIkf3d399Z9PZ9IKAPjmZN/+Wrmz4kycugYgYO1QNcksDANZy3ufvT4PubDomkaDMNwFQO1IF3ysEa1XqyZR42X4BMh3njGsKhJsPQRimWULTJ/2ZPbqmdrtABeDsMnD3Uujftcm71ebwOP3cVm7Guc9u//QMAmhIPcDURCCAHUqrrOI7cblRAXe/ClbX99M292yUII5gm19CkzAzfE+coKluWdDBKaCoXkMofbv5EWAwUeGZOmqXI8D5O0ClVnODy5daJ08lC6dFpZw6F0DRb53M4R1pLUkEhlIi5+yElpSiTkfcrtdm/dm6QwMJpdxOvlMu/xpCxLdESjLpL4BCVSlYXlWu4ouaB1Nrd6f+ZyubJut7uWTqcZw4B5qVz2AzRNK9Fg+I+Yp9JNgUAyAcAaIyOYfIHf2ppYMGdGy7o9QUeIoCDLzdmx1Cl1McAUa3I0W5baWIevPJHJH+9z8kmfQA13xiJPRxl9BcfpgrmdFIjLMlYx41EtM5bJlq9oCXl+xSJuq65XNIyxY02e+q+H3kx+RgYeAjw2Pn1kfDHPGenWUChLXJ2nIjkd5JK/py+3CeEgl7dUKnWTW2gaUbgLdAGzkZc2JX4wWoXZeY0Rjw6pjx0zI/JFByuXLIvrQYzYlpoYOSHk9z/OCq4R4KiqKcsBmrZ0w0BSNBpdT+5HTG8CAJceGju0r7v9WfI3YkUAACqRq5xfrtT6OE7cMqM1cN+O37YrGrbrhRrOTW9uGTvG5UcpyuGvWjLjEfVCwjRN/3gy/xFOYGp9ne2/c7lcJM8BIsq5lpYWnegYcrlccyZfPKFQqrR2tzXdFYvVKuO5piCjm1o87q6u35pcPH9GfKfJkSj33hFzMDZZPTZXTB/eGml7Phzm1uwK8dB4bnHIyw263e4iMTHm8/nWRg55jLFlKQ7WYnSOYTSNNrh0Mnmu2xtYxVvUcKC5eTKTyYT7S/SHX9ia/izl8Os8MrUPzKRPc7JsWddDpXi84ej0jixRB7m80+5ymxAOcsmTVXU2Y8oCC1BmGKZWqVSqsmW1MCxrFCrSPEnCc2fN77wdFwrNGs3NUTEzc2xg20mzezu/gUxLwli3aJrWLIvYFzUcDP4jOUk2i926PNTX1Nb9DiciYqKs1yGYyU/Ox8DjsmKEXl2T+q+KpLsojjKxxdKGVZGrVaPJJzoqJktRDKbpnpj+dHsT/6TXHUg7gjAAFZD3lJCVBB5VVbWjUNAPK5W0npXbapcCRjrFIa0sKaGIkxvULaeLZ82qbKkCa9HGsYdG7vQ59BHEMGJfR8vzRPG4M9XaTpgHxzNnuJyORMTv3ESIJJfL9VIURfIoaKZp8hSly4QgQAWYmBy7hG2ekfJivDxsyZMQjWobtoycgRiU9XLUCM/zxKOz5nA4RFVVOZ2mmaZAYOwgl3RaX24TwkEuP0kewum6AE6MVdXgGMYt7fA6rGazY02Tk8WTwmHP625KLGgsyxmG0ZpMJo/t6YnfA3UAZySSJwlRa7XaLF3XqUAgQCIbG62UnVw0obBnzW4JfQcAyJfvnyL/JnPqzFWbxj98/2ObP183eZA1DXhaBMFpgK5SgFQEFoeBMS04aZH3b2cf2/Px5uZAdipWAmK2HEoWWzcO5C+7+9Gt39JMBBalA0no6sSGKRkOmjcAKOIsqcpwyuGBB993Ut//NAcCySQk+Sa0PYvSzkbul0hmzgWgHC3x0OMAoFer+WZdN1sxzWPLolRANMnpAIim64VcegnmnZWISL3AqipXxWwwlU8vbY1F/kT8Kggx5nI5ked5DmqATNE0iEn1IJd0Wl9uE8JBLj8xxxGTF8dxYqVSqcTjcTVZrfoFg3WYpi5U5Vq0UCq29rQ1P04iEguFdLtl0U5R9I87nXS1XC5LLS0tWqlUmkekhGBwe05D8vIUCoULSzVlTldb07f39gKvGywcfesvX/lbWed8DCuApVkgq1ngBS+wggn5WgX8ghMuPqnrWyfOD387Eok0XrqptldfHz7tJ395637Z4ryaKQHNscBrCtYoLzINGbBIA8gaXHPBwm+cd1T71/d03+3xGdmjajVlWWtr613kvS8Wi4cDgJem6ZyGcd60GNWysMEjupYppGYZGHPNIf9LLMty2ybLpzsETvJy5hscxxUqJu9wglQjhOApFCTo6CA6BLtAzFQXdjf9bEI4CPDIpSRrsQNjq6ozIkWpdNzvHyF/J5LD9hdbdCcy6aPdLn7Q7xK25fP5Fh3TwZAvslW0sCVTMmVZlshxnAtALAcC4hhJkU7SDmwdnbylycf/1eUNEqvC7rIYiwghedXW9Ek/+u2ah0sm5zBUExwcDxSjgqRQQIMKFs8Aa2A47+joj648a+Gn93fKL68aP/0Hf970qGaJSNdVoFkKGF0Cg/EBTytQNVRwcwJ88PTeb553dNv/7oUQmEpFPjRTLFzU2t78MwQgFPLFEziGSvIYDxiaVvMilIZwmDh26Ylt21rqqhrsmzv3zWSyGs6X83NjIddWmq7Wdd1pEGLb4fUZoGlaDum6SWIj9nd+dv9/IGATwkHsBuJ2nEwmWdM0cUtLC/kyYRgZYVBnp0I2arZeD4Wdo4XBQedhybLS19IUfV6VNU9V1mdEQ6G1TqOuIRFVKIoKmKbpoGlD9vmiQzsiH/mtw4nvBtzOV0Mh/8MNFwcAolQkzyF5BN6OVnxjtHL0rfe88nhONl0UtoCzEFi0CiZ4wGE4oWpp4GZp+MBJbTddeFL7jVP1dNwJzfNvDp/2gwfX/1XRBJ4CChDNAKOXQWUcIMgApoMDxjThQ2f2fvO8Y99JCDtTye8gOaFW09onkuMf6uvtvg1AEfJVfQFlGHkArYxUXKUcjkq1qoVkWmAlRXNzyoTudMaTk/na4R4XGp/V006UrmiiWvWQ+hKTk5MOp9Mp6DormgwlRLw8KRBDNLx2UpUD2Ns2IRwAaDtEenpwMrNkUw5dzIFWj7rZF6Jhx1pe1xsOSoqi6A6Hg69qQvCFTckfvzVZOdYCVNMMS2A4p9dBaYW+mHv1cbNDH+EswwGgEif+uiMUmthBCFz/5m33tre1/5Z1cOspDVwIgajoWpNq6E4LQ7ZYLnkdBj/cP1E/5e6H+28yOSdChgZYM4DiMGjYDQwqgUIh4BFtXnxC23cuPWXeV/Z3yi+u2nbOjx/u/40sMV6BdoBhAbC4DArHg4gpKBkaOFgeLlzWfMfSub6f8ghRBkK0L9BUJKoPHsASBEIdoCkAvm2bB788b2b3N8m/y+X8XKzrJmC6xDmdmbzKBFZtmbh5S7J6SFGlXADYUBmv15IqwuJW4b6TZ8U+TdNyI5tzNJpvlKwrlZocqTo9a6JYeZ9FMcjvoNd3e+nHd8ZH7O98p3N/mxAOcPXJF+8LT6b1bG4SYTEMR0XMJ64+un4OwGwrmc/3sqJY0k2TmPHQva8kn1oxqiwQiPO9qYFBc8CyGPqirvFPHBNeWNMgjLAZs0zT644GXzGqyqxyXV06NDJ8TTTg67cAJGRZiCwWSzMqxzPDPMv00zS7TRSZiRXDyuW//sumH+bUGrCMCUgmnr4kjMgFtEVBjSuAgES4/MTOWz5wYt+XyNin6sBDyOnZ9emLfvbQhvvqUgW5WAfohhtkKAJHC4AsGSgUAqQX4MoLZt68bKb/uwCiR1VxtKpW5gI23Kah+zVDjVKIt1iaJzkYz+qd0XOX0y1sNutSE0+ZGd2yCpyDSui6W/nrhuQjz2+rHoZITReKB02qAcuyMK/Fsf66Y4LLiOIQDw8TOCEtirThcAjpifKy76+rP0SZFLC8Bl8+sX1eT8D9toL2AJd52l1mE8JBLPlXHh0sDFbqfoNyw1Exes0JIelzyDSDBvAzRZbZSFFmmuPE3EObpQffSMIcy9QAaQoYlAN4pENfk5A5o0X9b0DQhgC3G7oS8PiCgxTDWEDRYjKVOWbBITO/wFBUFjgu6wJilwAigRDbP7G5NyogrRmon37rHa/8NaeqHMdTwGARgFLBNGngsAC6WCMCCHzwlO7vXNhJf23X4i1Tmf7fX91y7a//Nny7hWlWrdaBE0Jg0hVgKBZkSwIKPMDiGlz9gflfOGth+3fffc8dxwWXLINHUTT/xm2bvxMKB1exDBTHMspltKUAoqHC0bgfMWL/S0PaV1YktDaG5kA2FPA6hYb7dlRQc5ceFr1ExMWSpDMh06JCLqQWZYp1JbLa4j9l3NczmAGWluD6o+OHzwzvO+fDVOY/nfrYhHAQq337s5tfHSjrC6qKJS7tDj56XBP3Px4B1RSTa0OGjEA1CrJVdv75TfOe1RlmvkmpwFEEcg8gvQrzO9iNlywKvI/HmCgVgQ6LJ2cAACAASURBVKIo3ufzka8aKwMEhgfHv9DR3fotBwAJStpjhqM1A4XTv//LlX+pkGxpNAVg0GCgGtAMB4wBUDckcCIBrjz7kBsX99DfITqPPfkf7OZlpp5YP3Lxz+9d/xue97OyVAGgaECsAaYBDSlBl2kQaQk+fPGCG85c3LLX7EaN5LEjqSv8Ae+WgEccKNWMOaZR8xsYm5ailCQNm88OyD9fPlCfT5DCDA+6UgGKQtAb4ccvOix6sZ/WxmiaJlIOMdzQMu3gMunavPs2ZX4LGlI4F1SuPbrvjJ4Ab0sI+7m/bULYT8B27d5f0I9SipIvV5ZmxtzUhkN6Ik+n02kHEoSohbEVK5VS6ZDo+dOL8pMrxrUFGiMDTdNgaW6g1DIsme1affkhnuNNkw0JAiBd15lQKLSNKA2LdW3WRGLsurl9PZ8mVZn2NswNo8rJf3qk/546NoBmGLVc0loMq1x1eX0a6CaxYtBaTaJPWNpz51FHRL5LlHH7mvaO8msk45H+xOuJqx56bMMP3b5IieFwDWONqktKGFuC1+u0Bi2d4QVaV04/se/mpXOj+8xuNDqafD/P80o06n+5kk0uYSyDB0FMGBquaMhZf3RL4f5H1+ePIUcGDUTwijSYqgydfjNxzXG9x7VFhUESvk2sCjW329lwSFAUZd145soZ3d2PKZTAzfSgLbtL4rqveU/3321COMgdQMTh9GA6WNWqXRG3sBV5yVHfg6oqBC2lzI2UpWNe7Ff/d2PWiGqMSjyLgLa8IGAFDpnp2/TBBZ4jiMig63qRoihE8iEQCaFYVRZVqpUj2psiP5mKO+7OzU/+v3zlpktFkZpYPL/v+c2pVDtvMXylUG1/883155xw1vE3tHg8FWKvHx7GQmfnnl19if5grDzmXbd844dDoZYtzc2xNe3toUbKtOWvb7hIVdn4yUf3/Zxo/VM18MTdiMQT7LNlMoWjNU3vam6O/DWXyx3DcZahY97EACWd57NPrMrf92R/aqnIcZpi8hwxcZLkKq0+qnRSj/OmuIdZGwj4x0SRqiiKwhAxQc7lgjKl0L29h6yZSpHcfQ5ymnawCeEgF75YLPpIbYJCubbUHwwnnBwql+tKV7mmzQSpWvQ1hV5L5dHhqTqabVAKNkydpyyHt14udTkcinRMb/v1CGnIsqxkNBolbrukOKqQyuYvkTQj3tUcvXV/zYQvv7zuuljQtapnVs9q4g8RCASk8tiY+9WB5JWjufrs7t7o82Axhsh6qowpGxSNLbPhBAmIxoAxQ2PKNClMU8z6zfmznZZRuuTCJV/ZNXDorbcGTkjl1MUnLptzy/5CmM9X55SrleM725vuyRalYxjGrGoG+GnKSvIUNbxiMP/5wYy6JObhnzcoCgkMzhpAh3xOPjEvRD1RLBZ7Kxru9Dq50UiAW2+wfsfg1omPxmPuP7ZE7UpQ+7seu/a3CeFg0CNa7lKpizHreqZsnJ6va0dFeHqDrKouzhVItoQcf6nX63WSQSmdTvPk/yQ4iRgbxsaSszOF7KktseannU6urGkahTGuhMPhSSJ1JDK5S7CF2dZY+Df7G8H32LMrfzJzbtNdXdHW9YQQiImOlGR7/I3RK2/99XO/El2sioClLUyBCQap0NwIiNoBBfk3UVaScVqVepG94sQlt1977sL/IWnVdxZ1HRzLHb5ucNsVFxx/5H/tL4T1er1pcjJ7bk9P+6/K5dwcBjOmalkiTRsZS6oZE3npMM4XT3hZ462dWZCI5EPSxQUCKaWa9HsqNN1czuV6kaWKOudvUU1XV3er8IOAyzVIjjm2H8L+rsr2/jYhHBhuxLW4kQsxUy73OLWylKtSS9dtG7l+blf0tx6fb6VF0wYLxZKCmlDcJyR2mvlIqTav10tKssUnS+rZWC6J0XD0CUFgGrkDvV7vaCM1WCp7Ms1w6aawb/X+DJGIy489tvbew47quiHq8w3ukBDqABvpR1Y4rvrRH9b8XEMqGT8YgIFtOEXuuamMAR84YsbdFy5t+mRLSwuxbDTKy09OqrNe7H/tS5ecctwV+zM+0pdgt2Vg+Ly+ns6HSqVUK9IoWhdFxrIso5JM9GRk3NfW3ftYi4cf39VlmxxxOjpAzWazTuR0enDdcIBec7++afib4WB7siui/Dzc3NuIrrSPDfu7KjYh7DdiZCMPwADlzXrZcLhu1NIhD3a4zFxxcinHcTVV1ToDXu8an8/ZKGC6ry87kQQ2DqY/7gqgNW3+yEpyricJVwzOcAwOJM5r8gdf9zG+YYXBfopCLEe8dEyDt0RLNXSDcWiOlCmYutfrJTERbsuy3JLBBZa/tPyHxxy58LMiy74jueqLmyZP/eodrzyhmAoIFgKVpoHFe3fosygDPnTK/O9ee+bCL5A5kWK0oVJILEt65/MrVn/rfcceexVFKfWdiV53Byr5uhOJI51Os8SZqFr1utdszF87a2733VGXK73zmolspa9ezLb29nY9N9UvfLWKI6lqcqGHFlNqvehRAUSvK7Je0Czd3eyuwgAg1LudxOy2bwRsCWHfGMH4OBZdrhI/XKJOI6nPDIt3etlSP1IUxHG84Qy4c2GPZ0iSIJrJTB7b0dH00FSDbEpppTtTz3cFO5tWBhGqVFPVCDgB3uwfvmx2e+9DBlMtIKR4TIEzHNhhmmbNpVMMizDnQQYlWZZSUlW17HK5eIyxR9Jx8/KXXr352KMP/++WaHTLrhaK59aOnPG1X738qEkZ4EAcaBQDltFw9ttjI5LEB0+c86PrzvtHDAQJ6FJVpvO519b88OSjZ18Vj9dTCPXu8aUjRFoqgVNVa1w06iIJXrnx8fRxra3RF3YNtBoYHV3kd7m27Y1c3j3QVKEw10SIbfb71xLdy5ubNr1fV3Tk9oQGC5ieqSE6YGKr5uepVQtbQ6v3RdJT2A7v6S42IUxheYeKxfZKnel6sD/zSKWsOA2GQsfGzHtmN/N3zmvveWOn0o+IqRMT6TOdTu8Gv18kov+U2pahoWNqluU8tLv7+UReDqmWLqYnE0dE/LG1glMsKWo96uCg7mTZDCgln8zyImadGSfGVqHgkTo6wKilawGDZ8SaYnS8/Opr31p25OL/Rgjn4vHtwVakLV87csYNv3yxQQi8RYOMUcMMurfGUACXnzDn+1efs+B60o/EDjAMQ2kaanr+1bU/O+64BdexuyhE330v0j8er5uZjMdX1Nioy4ELGEt4Ml3p8rNsbsaMGSQvAmwdmZxV1+iWhTOiT08JtB2dtm4dP7+3t+XxnX4aFYyD1clJR7KGFj26NfXDfolvFxCCpU3ep09rbjp7b1aV/Xnue7WvTQhTWFmSLKSou7p+8MbkeqVGATh5uKSF+trphzfdtFO03VlPQJKk5sl0+qTujo57pyIlFAq47c8vbLp75VvDR4aCgaQmWYJJYQ6bKiUgTiZeBBSNmZlt3o0nH9b7GT9Xz+gcp/p8vnoulxNIsyzL1DRN0ADclYo+d0P/W/99yrJjPgygFHw+H8mI1GjPrh4576bfrfgzIQROxw1C2K5P3HOjKQ0uO3H2D649e8lnSK9hPCx0ok4lk6nFnnp1+S8Xz573XZfLt9E03fXW1nc6T+3wZaCJQvW1LdWblq+euJzGUNcxgG4g3kszOYPVNbcgSplSOhwNBnJXX7josqYpkimJHNU03BSP/6N+RCKbncGY5oQieCO/Wpl8Y6hcD1gGgiObPC996ri2Y6ew3NO6i00IU1h+ogg0WE/ox28MbaiWLVHlBf6CduFXx3b7vxqJRN6u3Exy/pG4ptFE4pxwILDS4WiUOdvrIZ2IuTfevXrNG4PpWZqhAm3yQAsMGHoNRIoEEvGATQPmtTsmr7tw8TkiW54kCUlV1YwKApM1DInneSpP1GgazQlj45nTh4ZHLzvyiEXXc4ZeD4WaGl9g0p5aM3bp1+9+5T7VUhtBScALAObejwwW0uGKE+f99LpzFn2S3GM8l2vmTJPXWNa1clX/jbM7m+9qiYVXKoqihMNlPZfzccSfgmVl1jAcRpWqUlSVUp7sz9/x8HMjH2RYB6jIAE2jQDQR6Oz2SElgAfwcVfv6J5cu6g4L+0zgSsYyODZ2eDQQGHPtoocg6d9CodDE4GB2xm/eTL6c02k/IJZZ2Op67Jojm86cwnJP6y42IezH8r/w5tilHOerFgGOD5jFzSKuVLrat+c7dLvdJIFpw7NPluXmfL7S1NISfX1fZ1aST+EHv9rwyoZkvQeRLzc4QFbVRj4DQg4aZwEyLJjVIiY+ffnSUx1CpUirYtiyrG6eR1s1jfZgrBuKIrkMzIubBoevz6ZzC3q7257QlZJmIKagK7UC1vn6pnx14b0vZa9weZ2AFB1k0wIG/VPh5ncgQkyTR3W71x03O3wfQ2m0auEml+io8aKHfnPjlg/P6Y3/prWl6RGOpyss8DUS2kgaTxSgBqcydU3ytnnLdz+y4Rd/fj5xDUngorEyGBYFDpMFnQXAigI0L4KHQtI3rpl3TG9H+B15GHe3RERROTaWPKS9valhhdmZqm0smTxcy4y5q5qDNmIzdagX9LpFR7y8nljYHW9U0bbbnhGwCWE/dgcpyuL3++WxstriYKuyrJpBq2L10jSgYNC3UhTFndKCMDY2uaCtrYkQwl4/wRhj8aY7N6xasSU7h0Tp0YYAdVUB0U2qnXGgoBLwjBNmtTgnLzq1+xMiLrKlKlxWqcizTKVYq0tcwNTlmmHqmBdd5vDo5Gyn003P7Gt/jcP6ULwj/nuHS9jEW4Hya9sGP/Dd+1f/wgQdWM0Ci2u8tntFgGE4uPT42Xe8/+jZX8C44B5N5I+pVirzVc3semvbyJk0suSmpvg6RZKcpmUihqYZUXQYHq8vxYv8UJPH/5iOtfJT67JfeX515VyipNSZKhiAwGnyoFMa0KS8m8lBzCmWv3hl1yl9Xa3vKCG3uwEmk8UOl4upu93ut70jy+Vy7+aRsWuag/57m5ub+5PJJE/8JrZhzPcAmFM5wu3HdnhPdrUJYT+Wdadtu0EM5bJaDQadJH15rlyeWymVYm6/f2vE6yWxCJDNZpsMw+Di8fjbSr3dPWoSTzpu/0lq3YaJeq9m5oAxBHA4nVA18oAMF3DERwizEHVr5tJ57KMel2oC7Wv3eUIaQ1Xybpd7G8sxG50COy46PaW1b26+zeV2TXZ0RG53ATPq8/mID0TjrX9y9eBl37pn1e8NpAOrG2CyfMMfYa/NlODacxbffMWph3yV9CNmUY3ReEZjQms3D9/I0pTU3tn+Cx1jC2saJ9Xl7ppUnyXLakxVVaquaZSu17LrR/EJG8fds7GBAbN18naCQyWEQOIvMKjgAD9Dqzd+qm9uTyQysK9l2TYysrC3o2Mt6Zcn1pVEehZN06ZCUwG3S+hndV3eVX+yr/vZv29HwCaE/dwJxISWKattrCXlWE3j3bFYBmPsaqRHTxfbdamODNYjrkpaV2u5UT8db85zhi4xLC4yDKueMyf8/V2lhizOur/947dWbkpasxhaAaNeBUH0gGZhQIgGMC1ArAaz2yLD157ffWrEssrYYVlqzdtB8ZZsWYpOaiiQAiomLXIvv/rKz7s7u55ujUYf4DjIenYJZHr0tZGrb/ztM3fxvAi0KoPOuvcpIQDS4LrTD7/l8tPnfqkhmo9jsUonnTrPCxsHRz8n1aXWJQvnfg4ACt5qVSm73UTJSdyvPZIk5UjdxWg0qv/04XV3PPxa8kMixQPoCljAAPkPmwxQSAad4iDIccqN18ye390aaZDqzvbcQOnaQllq00AgylaElCojmXTzYX1tv4xAbYtp6qzTyWRJQpR0uhYlUeKkYGw4HK7v68i2n8v/nu9uE8IUl3hHFiOUrtWClkK10WytwAOPfT4fqeD8dsIR0u+x1WOf/82K3LdFjgUwvaCpFeApDVqbgoPXHd9+vBCAsp4uB+v1fLBY1zsfeKb4401JM4aRBAJFEQ08yQ8A2KSAskwwaRlmtvhGP3PVgsM5TVMDAUnP5QJ+AKnK8zyvaRpvMAxHvP5fWrXqtq6OzodiweByYIx6fBeR+qkNk5ffePezv7OAA87SoG7xwMOeTzTEAqEjCq49ff6PrjptdiMXI5lroVBw6rpujmdLl0xmS8ceceiCb2ClVNN1vdrS0mImAGhUrTqa3W6SAbmRt+EXD77167+9PvEhhnyDiPJUcIGqKiBwFOhqDUyWg4DDCZecIH6yMxZ7TRBF09WMBo2iO/DbVckH1g5kFmu0h2JpUjFGBhqZsGxm6MELFwY/Wq/XlZ0u1UR6I3g0ciyGQtJUE8FMcRu857vZhDDFJcZvYQ5mb4Rk0s+43W6XjBAFJuMKe/jxd/vOP7+lduWPlifvoSkWOFwETLEAlgEe1pKuOtT9gYBbSLl4sezxBIuqKrO3/O715VtzuEtWyo0MR0Bvz3jEAgckMpjiNJjbFRi56vSus7ta/P0kxDoajZK07Nvl/ZERruTzCaRK8ksvrfr2okWH/1gQrK3kQ73zRSHd/vba4HW33vfi7USmcCJLMWiHQKwIezo2kL8zFAVXn334zVecPKNxZCASEsBGRCow9785cOJgInHyIXOOu2EfUZPoZw+8/run+0uXkeoTqlIDzuUAkjCGtVyADRlMjgWfwGpf//iiOT0R78BoPj9bq1YFoyp7ftcv3zFQQjNowdOwuBiqBCIDcP4hwdvOO6Lts7suYSaTiZmmaTIMQ/Ja4h2JWKl9WXumuA3e891sQpjCEpOIRtXn0/VKhW/xJGoIzdHI30jogd/vHyUVlXb1CHx5UDr/rhdGHtIVmfgaA+ZdYGIT4n6++PkzYr078xGQr221Cv6v3/XSms3peisplQ4GBZihAFsKUDoFmGVB1yowp801/In3LzmjI+4e2vVZb+G3uDlojkZcirly2LH8mWduXnr00V/vicUasRG7ti1bkouf6U9daWKEkSphTAmggL7dMwkTO+R2CcDCFmEkCpsWoymy65TFvfcsXdDxlx2/v/1yDQ1Ntr+6dvVHLzv/fTfs6UtMrAEbAain7l31u8dW5S9yCl6gsAYK1oCjDVA0Dlw8Awbo4KTM+jc/u2xO1y5+CJkMdt3+2vDqbWlpBhCvSssEi3UAcZ+4aFHkp+cvCjXMoTvbjlqbDZ0Jy7IM0SOMl8sBxeOpe7NZdn9T0E9he7ynutiEsI/lnJwstq8tS58Bk2UQY012OKk/zm6NkHTqHoxxsyAIhYpstAi0lJUkyzJNlluXlD/0hzXFG1iSIJl2gMWJoJsGNPm4/JePbe+IRFCjLgI5XlQq4Ht29ehXX35z04Ven3cYGwxdlWtet4MtgoYdqukIMTSoApUvtnrx2iVLZvxCody0pkgiQ9F1AB0YQCqFECVrlmtd/4aL5y9Y8AcPSzeKn/L+pjSwIHQ4obCvRCv72tlbJ3OzagbjRErNoE3VVCgQ+jdse98RC+f8nsOUYjA6Y5qcSdMUjWhGo5CC6gYX3rru9TNGctZhEtvkMWQ9yGJsAsvpplRHlNctg6S6CvW8u7uldetFZ3Zdtesxh2D01UdGtw2mpS5kakAhBBbrhHq9DucdEnpyWav1eUGgSzRNq6IompW81EMLuMpxXEXX9YKGUOytPPUJIjRgy6r1xehfzohGh/Y11+n6u00I+1j5NRP6SX9YtemvpZLm5Jyssazd89OFvHFrgbUOZwzc6/f7J3mnOMyZ6npSTYjc7tktlat/+Wr6LkvTwEQKGCYAMg3ojoey3zu/q+XdL+ZYKjW3VJEC82d0vTg5iR2msyIImqarKs+xrMzoomgwkkRPpIqLn3pl9cffmuSWGqzHYakI0SJW5brEOEVeIhmdqzVFdDgcspOnZTA0oBmlZCKKPe6Qlvs/cs4Rnz/Qjf7SqolL73ti7c15meqkQavRSJM1hKlCBQUDXlcdm6pO0RQwrECTClQ0gEXTYLY5qxtOW9p5W3DpkscdAJRVLPKWP68wpZAoqj49FkMkTyQQslFMOjK/1b981zESieXGvw1t2pyq95KK0ZapA4NIslkLLjg0/v1zDos3XKpTKey0rFKoXM4u1XXTgykssxw/mVSFBU8OSd+ryRJQNAunzQx+7n3zorceKA7v9etsQtjLChMz45qRyin3rJ14oqowAAILJ7UL9xwVUD6GRDHupN1qKOQg0Xokmo/UAmic6V/elLjy2SH9my7KGjAMlw8wFkxN4kWRq1x5ZPNxfj+Qr3ejLBs5bmweGDs1EnAtJ0E9RFeB5iBS6fht0ZwUKYnH3VkiPr82sP4jP/rDylslhmGQgYBjeFClOgg8CxZxRaZ5UngWeBYB1jUwKTcYGODsJW0PfPmKIy450A39/Lrhi2+6+/E7yjrv5YhijwYgLsg84wZsqoAtnZwywKJowBgBSbhI0ju+f+lht5991JzPE7fmHcVqSXUlMm+CGcm98LZn1OaB0aP6urU3SKDUDrdnlANwPvJK6q9bxrOLBHegyCBLogzJpClK6IvQz563uOtTu1ptyuVyQNd1sa7rPtAAD9XMY/+4Uf55WVbBonk4d77/R5fMC+13sZoDxe3/b9fZhLCPFduUSMy4Z01heVnlYgpFw9kz3DefPy/2VYwxn0wm6V2VdsT8mBnbFuE84ULN51NbUeMlaFggxrLZpkRBOmlpX3sj5+DOwiVbRtOX0Dw/2Bv3v7C3oZB4CpqOUv2ZsVO/d/eK+0uaSbPAgoJ04BhqR9QiBUYjrwkAi/B2CwWigAROnzrPf+8NHzrp8gPdoE++kbjyu7958k6dD3KmqkFD7CHHIVQHbGnAcwwoqg4G0MDzJD27Bdgy4Lxjoz/73PtP/sSO+RICeNuV+92FYNNppVuqDLd29s56Bxbjqdq8UjHd3hLretnvR2/XbiQEMzAwuigY9GzcWYOBKBWxA2MHdljVarU+ni+d+qdt8FDdopFGC3Ben+t/3zc7SGpC2G03CNiEsI9tkahUgrmC0oYoRke6hurlQjTscY+Ewx5yJkfEzr/DJOkZH08fK4qOLeGwZ8vubptIZGfIcq2pp6fjRSJV5HLl+YVqdWHE3/KnXTf67q7d8UKh5W9uPeum32z4M4l7MBHAdplkz43QA0mEct6RHXd87gNHX3egb8Fjq8auuu3+F+9Q1IY0BBaigehIrB0EtKf7XrSs5/ufunBJQ6yfSts8PHaOU+RSLdEoqXhtVasQGE5sPXP+rBn3704HQuJHhseTi1wCk4xEIgPZejbuAAfU64Yrn8/MVDBr0S5HVcEUy2JTDjPilpaWfSeZncpY34t9bELYj1UlYm6pVHKNj48f6faHJYbnxJZw4DmSJHV4ePRcvz/0hs/nXL8nExchjsHB0VNDodhWnueN0fHhi4Kx0CNhz+4JZNehNQhhAJgXqlvO+uZv1v+JEIJFIVJYba8zoBFqEMd5Szt+ev3FS9+hkd+PqcOjK0euvu2Bl36hasRDAgBTTIMQTHI82Eu7eFnvrf914WLiuDSlRqJGN27cdlVzc9tjXi+f2DI09rGgx/tiKORduycnI2IKTSRSC3mPo8iYpmCaZlsmVTiKE9i1Lpf4QiwWI1IFoU7ivrwPCp3SMN+znWxC2I+lJS90LpdzklimRCb/P6zoiXTFQj+bzGaXeUTxtXDYT3Ij7LF+AnlUulCYXy7UT6VZSgTE5LpaI79HCDUsAntrOyQE5vn1m99386/7HzSs7WXZLSK6761ZVoMQLji662efveSoT+zrOXv6nUgIt/5h+R2qhhoSwlQJ4ZLjZ3zvk+cfPmVlJtEd5HLlhel88eJYtGllLp88oq+7/RaEEAke22OrVquRQqF8GkZ0e71WO5JmIBXwBe9mGNjg9ydlYio+0LlPp+tsQpjiapPzKsn0Q9M0JViCUwKtb3gy+R2sm9aMGd3f9bnFlwCgvLMQ67vPx42XqOHUA871/dvurUr1lkWLF5wjABB/gYaT0d6+XjsLy27OVN5346/WPaCbWoMQ9iUhEMciQgjnHtnxk+svPvJTU5zuP3X7+4qha7//x1d+qukUQxyWpn5kmPH9T114+JSPDIQQZBmaEqnUpyczuZMPW9D7WSfPk+jHnVWriIRC9BCNJLC75KOgq1X5iNVr1v7K7fZQzW2x3zs47skygOU02GQgIGZ3zc94oDi816+zCWE/VpgoEsmmIi+7LMvxyUz+i9WKtMQwtFJvb8ctpqYRV1niY1CxLMtJqgpRFFU3TdNgWVZWFLNVM8354+MTN9SlemDWrDk/FlmThO+WMMaFQEAdRmjv5cxXbB09+Wt3rnlK0eQpSQiIRBdiC84+vPVXX/7Q8Vfvx3Tf0fWh5zd/+sd/XXGbabENreVOQtjXkeGasxZ98cpTZn5nT88lRFsoFEj8Q4xETlssa6oGdI4n0l8anUguWLJo5vdFQVgFpllhGCavaVoTRVEqTdOGZTGqgSRGoAXJMCCcyeaudDhF4n/g9Hq9Lwf9nkd3VMtW9hV1eqC4vNeuswnhAFYUZ7PusWr1VHcolMImzMgVCidVy0Wmu7PjZxjjnGEYSjgcTqZSpTBN6wpxmJFlRFOU4ksk0p/gHY4gTTOeXKEwc2Zv552A8ISpaZMURQ0Eg0HiCr3HtnLT2KlfufP1J2RVmpKEwNJ0gxDOOqz5zi98cNlHD2C6DQeqB1/Y/D+3/3Xl90yLbewZE6gpKRWvOmPhDVedPnuP5d1IBSZyBEMIeRs17gCcNUlfmExlLnJ5vDlFqVDtbS03MwBljLFpGAaRskAQBMk0TZ5hGMOyrNax8YmrRYcz19PVfouqApdMjp3kcAj90Wj0lQOZ83S9xiaEKa48yVtAPmA5AK4yNLY4Hg9vFUUxm8lkljkcHjWXyyzL5Yuxttb4z0mmJEmSEIk7Iv705BEkzqBWU3qr1fKSaDS2heH54NDw8Cc9HrcS8Hifpyh6OcuiomSxcAAAIABJREFUEa/Xu9fQXyIh3PCLNxoSAmJJktS96xCIhECsDOcsbr3ri1ccd+0Up/tP3f743KbP/PThlbdamEONFO4YNQgBb9cx7rFd/b5FX/3QqTNv3lMH4jdA0zQn6XoMGYbfArppcHDo0tbmlicFgRsZHk9c4PV4n/N7fK9yHDYx3p4mmtR1JMcGXQff+Pj4dU63oxoKBB8PBLwrCdzELySRSBzj57hNzkiEKBWJO/PbBXIPFIf3+nU2IexjhUdUPGt0pHBRRVLaOQalvDzaNrcp9pjT2Tj7c8Vipo+ieFbD2JTKtbgsa7Qr7F3LW1a5Hq4bTIL41QE4HA52YGDo0nh76ysOxmlSlB7CmIptHRj8WGtr+7Net/svimKUwmHn5N6GtGLLyBlf+fmqR1VdaRACNveeRp1YGbYTQtsdn7/8mAMyOxIJ4Y/PbvrsTx9Z+R0Lc43hEQmBQ+Y+rQzXnnXY1644pe/GPc1pR9JWD8dxTpMW+dGRoU/xLF2NR0IPMwyTq8oQGBnaen53Z89POc4qMAzD1mo1CWMc5DjOGB3PfcAf8I743PwEcFwl4HJt3uH4RJgKrxooXlezzO6cJHc6GHpwVix411RTtL3XX/7dzc8mhH2s+kBBnXvbs/1vlKGVp6kaXLskdtExLY4/kcuII5KWTndIPE82X0llGLmaSoUnytKyYS10SYC11hsGDmq6jEFXsWqh+JkLYpdhzLl4HjDSNDop6cuSmfzpc/vavwSaViX5APd6ZNhaPvNrd/zlNwWJCoosqbyEG668hq4CJmK86IC6LDX+5hQ50FQMJo3gvCNaf/bZS5YdsJXhgSc3fOkXj6/6et0SOQ5bQJO4AkYADZOAIw04hgEiC5FMSIAZoHc4Rl15wawbPnT84j0eGQghCILAmmbFIWliVzYxcVZry4xnKLc85jJohRz+H12duB9TnASCuywybIqxFF0yqQ4vpw/0+Y2HnE7nJCEHEmwWCARI6vm300ANFWrzf7x860sZPe6xjBJ88tj2i49ucfxxOr7sU5mzTQj7QGljXjvizhc3P5NTPE5s1eCC2YEfHeWlv/3/sfcdUHIUV9evc/fkPBtmo3aVhSIKICQkgRBJBJlgk2yiEWCDE7bxbxtsg7EBG4tskk3OwWABEgIkJATKeRU37+zs5NAzHav+U6NdvMiKCPyBmD6Hw8J0V1e/V3276tV79yIn60W0fQKlhh20xdHCqPIWXac7ysvL1XfWhH/x9Kr079SCBqbDBUgrAIdV8FgZuHZa3VinSEVFIEmMqg00oNri+VMkgdta5nd86Ha7P83E21vXXn5v00/ueXnpzRrjsrAUDYpOchMx0AzJUiKZisSlNCBTBVLLQDM8IAbg7Mk1f//5Ocd+7iXDPxesuemxN9b8Kkc5REJrTshZNdMERrAAmYOQug1SgohpGgwTA0cyJMGEa0+e+IfvnFJfLJ3e21FUcc7l9ITDwe/s7J7js7E7LBZ/knWgpJGh3QWaZ59Z3vnW1kg+mNJoEFkWGFMGAsHHDwm+dvFx1edms1l7oYCcokgxDoejtVAo+BOJnB+Aym/LUnOe3dB5aw57QWRUuGRcxQVTa6WnD+bl+CaeUwKEA84Q8PB/r9o0ryuFBtqsXOyE4aHbJlTZXk0pSlkmq54fi2Ynmwgjkc4/x9F4vQiQXZfmr3quSf+5qpnAG6TAibACmQQQ5OuOD472cKiLbF8KgsDb7en8qqbMWeF4umZwVd3rVre1qGQk2+1ZcffWGoQAUCoF0qam1Sdtb4tNbIqh4Sbt4AxTZQTg9OIEnqJNXTelzkh0YHl5+VaGxgZS8gKiGKFgapZjBnufv+j0CTcTmbhDjbiTHIgPPtoy+/01XVcotMWCdJWnGcMgmRCdHZnBleX+rRhpFAYKUyyLDcOQGKAxNnWmxq1sPu/4o39RUV/R2pXBPhNnUMjhyIXDRbJlnGNTQd6QuJScGRCJp48bM8B+N8/zqgKK087ZCWriu95p/WhHAhpMRgDDMIDGRjF+ceIA/uUT6z03FMAIyrLciAxzsMft3kyLfIRn+Ha/39HVFIPxb2/a9YeuqFIrCGbqtDE1P5sQcpLdh9KxFwuUAOEghkU4i/1gA5AADCcA2VosqhSRzEVZTg5NF6CGYpX1UAA5n89Lm8Jw7Uub1Z9RyAQVYzA5EUiCXMBG538y0d1QW+sPky+jRmsuvRAIvfzelofXbe8cLElSnMYCwgw2TVRQJCxig+UkmtYLLiHfdcww37Ozpo16mKTw9tcu7CsEikajlmVr1l86esK4J2p69Riam5OuAmVIEs4la2trtQ/X75xJS5Y8Z2qGhjFyUGyx2pC8eCyHEcLcp5l8pLoKRENzACRCoVAqEon4yvrxLISzYf+Kj3ecc/qMyX/vL1ZD2iM5FWRLsTsHzgVvvnFjLO9o2JUWxyjZAmcVuKxm6rxFgJRsKhZG5+m8rrq9Vsm49MyGM4awlWtjtla3z1eTSKVS0h8XdG9uSejlLGBQlDwwFkJFAXB8Nf3xtErmRxaHNcXzYl6SKIowWO3p0p7dFHegApikvuQgXP6NPaUECIfp+mw27Nd1QWIVJa+wrEIION7dEP3+wx+G7ydTekwhMHq/bA5ex1eOEWYFneJ6N02r4HRCvGBpePjlVS+vaUmGyNdP5GxAsxyoWgZ4YMEQNdC1nDm2MfD+Hy+fftKBKMFenv/uz0fPmv7XOooiyU6fHiQw+PayHRc88taGeSrinaApMuYkC4ULJJmKvPskMapPj5L8TWNSKqFozBmTBs777lkjf00i9f2Tpwhd2YfLN31/9inH7TPPoBdsmDueWPzcO+tSc6ySB/JyBiSHDfRCBhAtAI9YYDgBRKzA9Rc1zqqocK6wkw7naaa9kBv85HrlzR3RgoM19aLSlMFKoOk6nDXCO//CSf7ZRBWa7OJYLBazP4fkYbr2G3l5CRAO0+3xeD6EMWCvVyJ04LilpYVZH8U/fWpD4RayASAqaaA4sTiQHRZGOWcI/T0rR+U0pFEGYkWHyCtPvt1xX1NEDxlEQIWWgCw1KA4B6KSi0AGGmYeRA+zLb5977KQDdffVdxb+ctzE8Q/2sTL1P/+Vj7Z89y/Pf/yoqlIUpytAWwgl2f63LVUWwTmT6h67ZNqgH/j9fjI7+nRbY1tz94TW9vZJJ045+q8H6tezC3b8/p8LN9/E0Hwx4KkgsmVqgMgiMFQVDIYHn90Kc8+pOq3c6diRLMhD86lYOc9Iqec3Kfe1psFJ81LxWl3TCFTC9Ebrwjljg98ipeCOXsJgh8MRO1BfSr/v2wIlQDiM0UE+YtFoNAAC2LGCM6T6MRaO+XZmqdOXRcQb1WzW5NxuRlcVmsV61uuyJeaMtH3bbuOjOIexpiXtndHEyOfejd25PYZqCckqjzlQFQy8pUhJDFhlgBUYOKrB+cFvrxh//IG6u+C9lT8f3FD/ZlWVZ0Pv15l0q7gMeHPJ9ovufOnjxwHzNKPnitRuCvrPtuWe3IrkvxkO4Ozx1Y9/69iauVVVVZ+Zbu/a1XNcezgyfuqxI+48UL+efqf51icXbvwF4YxkwATVZEEQOcC6CQxHKNUocPESzJki3hRyubfzNgkqyqyrNIWzvr459c9wUqnVKMFiqqpuqhndYXfB0AD71kgfflCSuAxRb+J5XinNEA7kif3/XgKEw7AfAYRUqrtao+wDw+H4IN1UuwZIzEJ3fX12VWtsKiv36D5n1RaLxTDIgjqmchWDKhxNePt2ARoaSPIM3hVOVj3w4o5F6zvlAdhMA6EppxkLEMl2ChDwmAWT0mFQtW3d1WeOP3dASNzWP36wZ/cXr1hzvd3p3j56YG0xcEZqIPrW968v33XRH55e9k+aEYHSs6AwEljItuF+DtPU4YIpgx6+5txjSA4DCUh+WiS0qmn9BbJGB6YcNfwvBzLj3+fv+turSzquo1QEPKUXt0LJzAdwACg6CZhnQdRN+PUVoyaFPNxmwRQsWMqaVJ6mExQ3kEJIM01W5ykcTyYjA2Ta6qoMWFboWcUny/lGjmMZm9u2vdznI1WRB6j4OlBvv7m/lwDhEHy/RyCP7ACwLV3dF8RjifEel22RVRRXa5rWFQqFjHXrNk8oK/Nu6x+E67tVXzvkZW0ON1fc93znG5u7jOEUIwNtIMDAACMyoBRMIEWRhIEo6FAzk0cIz9glLauZUpXV4SiITCEusE7FbbVu5QU6zot8eldr96kCI6SnjB/0N1J52as2RajdmFeXbr347pc2PqyhAvAGCXbu1o3c30HYkC6Y0XD/1Wcfd31LSwtdV1dXjE2QnYcV63ddSXOGXj9k4AuQBMizWZY2TVsulyvTVdOj65okK5JXURJ4aVPs/JWb9RmmbgBIJCYrAK8JoCMDOAIOjBUcLAXXXxA4cdyQxncjkeQwniecayhIYpRGkZJNTGhYQ1gDFI50jS2vr5kvGIaGEKqIxdLTcnm5sW5ww11uUewqqTQdwsDud2oJED6f3YpXdXVlJsfS4emCIMQ9dutHkiR1FQoFUvjkkWXV7nRa1/VnVNrzViSw35nNOu97dOuS1a3yEE4wgNJN0A0MnIVoOlCgm2ngWR4mDAksnHvmuHOdTshGM2qtVkA+Q+mxxLJ4OIUVNS/LLgMDtbOl45R0Ousd1FDzb13LcQixjEAZHXaLt31jT3b8k4sjP2RFCjgd7ZaDP8AIoICHE0Y43ps+svx+La95rVZbrqClXQgz1lXrd1xmE6V8bU31m6ahCwwGzHK0yfKCKfJ8lmbFgl2it9G0mX5rTc+Ni1cWZhNCFSwqoBgmWAwWkEUHpKmgUxJUOhxw9VnBmZUucSnDSI2iSEtIR+OBAjcC5GEY1m9g9A5CqDvekxglWq1NdhffZBZMnmEkTVbk4RSis7RIRSr9/o0RACEIkO+d2ewf+Q5jHBxJl5YA4SC9ubNLG/dua+pPSHJKNrm7fWSAv89rFZsZi8baebsiy7KV4ziTYZhsR0d4vNUqtphm1Y4D6RWQJcPfnvz43ztizDCK1oEhym0MW9xes/BCkaPQUAowcXBg6a+vPGbygbq7vT06tbW1c8bYYSPvYtkc19wdG4q1vIILLPdJW/dpjy3suJERoDhDUICUT++fL8QwWThhmG3JtBFlj3IMB16vpw14pFsFh/zJ+p3XD6yXXhk5cMh8ao9djT37+fjbG//yyoKu6xFmAUkqFDQF7BQHBUwXCWhJwNDDMfDTbzfMqgpYN3GczWYWUuOB5W7GFJSReqZimxSzGTC1JJPLOHPZPOuvKHtKYtQtCCFd1wW3z+ds6u7urmlJm1PWxqgrs6zdL1Dp5hMHha4f6qIOKCJ7IPse6b+XAOEgPbx4a/zyx9aEH8oyNqqBl3ddNaV+Rp1baslkMl5GVXmdQ5ai5nFxp6H91GDQ96+ysrLWA3AcUM0d8ogHX1v50uY2pcE0SYUACeTxoKoqWDkGDEoAZCpw9FDvqv/3vQnHHYiApTUcH7Zxy7a5p06fVExT7tOMILORV97fePndrzXdb4BanCHoDAfU7lqhfR6EEOk70+v/Nmdi3S+DwSDZZfgUQV5Z+MlfJ4yqf6DC52s6kBkfe7Pp4Vc/aL2MxDApHkFe08HLi1BQASSaAZXSwGcR4QfnDzyzxuPdjHnFiVT5eoq3XFC0C02TLVECCGCaZjvGOBruDnucgbKFbsZ41KRRWNdFdyDgLuo9ro3oJ93/fstbGgKQmEz6qglD54yskYpK3aVj3xYoAcJBjo5FW9NzH17dcW+atsBgrtB+3fQhU2tdVDNZo2OM7QzDcLquc4lEYjQAA46K4KL++gJ7uw1Zh3d3p6oWrN5585aW9BSPw9Nls4qRrKp5DMO0WxgqXTAYG8cjubHS/sHsyfV/OFCWIdkGXbLik1vPOGnqZeTclmi0vMbnI1tx5qsfbrr8Ly9uelBDCggmgMHyBwQEUqdw8cyBf7pi9jEk/ZjsWHwaVPzXO0vvPHbcmLs9HqntQGZcvKHr++t3ps+gNFU3KQrHE/l6Ny/1qNhwC8BQ4WQ4UBEMZk+fUnWF1+kI59T4WLfFUqbqcIthGFaGYSgCCqTaUdNNU5IszT09PT4V07mglf6NwEsrC7TAB9y2taQvy5uz5z++IvKMYiACCJmrJg0/d1S1+PaB+vlN/70ECAc5Aj7elT9n/pbIbYZodbi0ZMdxNda/lrmllSJtKBzHGTRNs4QUpaWl7cxQqO4ZUaSSdrs9uT8Jsfb2dikUCmkrN6w8jZVc6WAwuLGidx99447OY4cNqFhxqOIqCYydSxcuufeYE46b66WoTH/dyZfeXzf3Ly9tvtcADUREAnkHloMHE+A70+rnXf2tiTf0j96TwOjzr334+MnTR/74YPf++wdld3ZkBtZX2lvDAIwtm5Wae3pGZrMwZlDI+RTLSoGckRxuZaRKAHoMxngQ4Ukg6s6macq6roPVak3Lhby3I5qorfa7bxdFywfJvOqtDvoWd3d3u7dFCnM2Z7lzk5QlKDByeNag8p8O83AfHqS7v7GnlQDhEFzfmyJMKhuLZJ3huDo00r5tos1mS0h2R49m6P68nKsu93leM01T9/l88X290IRW3WKxiLFwbmha7fRUBKuX0zSd7xN7Wbdp54yRwwYc8hSX8Da8/vbiZyYfPeYmr9e+qRd09JYWYNe0rr/y7le33k22McmSgRAo0//JM9qrJWiag/OOq3lg9oSKH4VCIbUP4OJx7Hh/+Sf3nH3K+KsOtIzZW8Obt7WcOnRg7ZvRaJNd1x2mJKn8ttbc+X4Hs9NmKysINkbDBaMaUVQdUcgilYxFKkeaTiOEJIZhGISQJRxPT+QAdnq8ntdjiUQVUNRWvyvwjtdr6ejG2FpGUfLe6OwOwe3fqFNLgHAY7iYAEUkmhyV64hMMEyoTicSw2gG1z1s5aQOZIciynA8Gg+Ql+kyEm3y10+k0kYJzrNsWnVs1QHzRIUkdPouPULsX6yS2t4enSk7rxr1lHO53zU9SlN9d9vyYsSN/T6bPzbhZrIVaA1qAfaV53dy7XtlyJwEEsmQgEuykInF/B9kEvfCEuvuvnn3Mdf0JRnpyPWUffLD9rm+dcszlFEWRSP5+j16qeqKBSURYLat3Nt8wZkDdnalUKsgUGNmUTCOr0I1dzVun1tYPWY2FHBJ1ERkstgssS5mm6esVcY1QFMUahlFBQEI1oHFzU9OZdruzze9xPVdXU/kA4ags5SIcyCN7/70ECIdotyIIRMBCiekgrXMFv98aJoG7VEofumr75l81Vjie83vKlkuSFNvfl5O0s2VX9ykeq9AWDLp39J0by+crqYLp6urpPoMWpO1D6ypfOhjl4qJwTDZsZzHr+nDp1r/X1Pmeqa0J/Ntr8Xb0PeLzH7f96N5nF99pmAwgTQBOUgCh4rp8n1YgSHbVWcfecem06iKVOuEvUMtVlN3FTl+zesNVs0+Y9gODRzqtKDThjSRxBkVRXJTVmrepNFuAAgE+QpHGmABumuZEQzWGtHW0ntZQX/8Hl8u+gABK33Ii250NdKcTJ4UGVi8WAUg6OJmREaZnugAgSgAkHkLnAVxKxhiZibVMimfRtNq6ur97HdyL2WynRdNEQsVuBIPBYuVo6Th4C5QA4eBt9ZkzyVScBLoI/wEZoK3dyZlWt3s7B2kz3qmMZwVbT03IVpzyE91Bkyt4GF5SGRqYbE72F5ScX8+p5SOHVhMBkk9nEPF4fBhZM0diybNMDJtGDG6440BJNkVZtDDwEZp8PG22Dau33+7xCUsGVle/YQvaPn0pFq1uvfj5Nxb/pKaqZj2D7WZOi0s6xRKOwj7lZxoRCTlCbEBhhsxkUolkxYlHD37xnJnDSXFT8cB4E796nXhaW1v7STOOH3gTQrqp6xbDNE0kiiKfN/JlNNDlkklxWLA4MTbKAJBb100/RXOOQkE9KhLpHlxfV/Ogx+O6C4CkNYHc91XftCt2XZqyj3XbqI9cItdkGKZXRyYt2PmdFRysh0TC2lMw6hQ1V1VdX78kmjVGpNLJ0Y0h/0OxWMyDJQmrVmu6VNl46IO7BAiHbrNPr8C4XaKo3fn9O1paprtralb2BvLoRAEqUi27JOQvsy9pyv1iXWv8WJbGKsKYUSnWQxsqHlLu3HjNibWfKVjKEkCg6YZYOjtFVpTu4YMa7zrQ9Lc3tsFHIcpRMcqxYUvbhSKLYsNrB73uqNhd7NMei1Uu/2TlhZOPO/bRA+1+9DcJkb1/e+lHN4wcMfD1ITUNq0jsg+d5dnNz56yeZGb05KMaf48kyULl8xThMSAp2jRNezRTG2TlRFbRzXE0bdjJzAAhbKEoTsxkc8MTiXhdVVX50x63+1HSPQAgM6ricumN1V3Pv7U2co5VklDOMGgKmyAyWC8L+uSTB7Df5Tmux2uxdLrdInk2kjlJdXb2jA+Fgh+RXR/Cx4CQP9snJHsYLv7GXVoChMNweXMsM7jO52jq6kpUMwyvBnu/xr3rZVJSbHQlCzX/XN7z8sfN+TFc745dgbODaCowtdG7+Nrpwal9QS/y70QiMQFjujGTL4xMxJNo7KihvzzQVuPaXeHxq9b3/FTBeRfNClyiW2vAkE0GAuXtDklsY3iHurlpy/gxo6ueOn1C/T2H+sgbdySnvbhw+R8ClQMjFpaRdS1l6exODzEZyT/Az71rAmcXWZwfUet9OVQufkhIU3Ud13I0W2aCPh7AcBG6OYQomgKWSaTSwwxDF8orfK+4rK75OtI7OY5roajduo0vrUm89uyyjtks4ZGgcbEikzVlqPTbC1dPrhxXXbabN7H/c+BmLLZKreU1wZquZDIpxt1upbEXYA71eb/J55cA4XN6vz2d9qxsk3/tYm3tsVy2ZvQA30MNHmHj3pp74L22lz9qM84y5BRgUwOZdwHhTjummnvrmpOHnEzW/72swEw8lToZMDOooBveru6e0ODa8uucTuc+VYsI0crGdnzuY8+t/Xtc1ShRsoGmMoCZDNAcC5whQ8GQgGUouOL8cdeePtZ376E+8kdbsmff/cSHz2YNhtPyWQh6XJCWZUCMBIKRA8xaQWIUOOeEwY8fM7z6dzStsRTPOFlDrkMUfwLDUEEAzCFSdIRp1NXZPY5lmazL6VztDXgWMqBvAuB2kmJRskx5fmVq/itrwieqBAgwAwxLAY81qA7YEz+aWlfv8VCEw+EzR2c8X7Vg4857XVZ3OyVBx3C35akBFZ4D5kccqi2O9PNLgPA5Pby1OTP42S0dL7bF9YEqIOqE4eWPnl4d/ClAAvKmGQz5/c07duxgHAzjemhN4fW1cWE8h1RgaQQyZwPOKMBRHthx1nDr9xgGc6IogMAwYkrOnstykhsDo3d395QNa6j4DkIo5fP5ilNjUmBElOBDoRDZHkAAq6iPN/qPv++Zba+lDJBIBMDQGWCEPBgYAW8CKJgHESi45PTaG+dMGfinQ33kFVsTJ//p78teUlhRIpVFoFPA8Qg0RHgTGUCMFXA+CpedOfTBE0cHfmGappXnwWEYuXEGcpxLAQQAEE0EoU1E6buaW8c6HLZui1VqFyS+C6lKj2rgHhoZqwAEZcHW3J+WdChjiHYlMgQguvIM6FDpFPJXjndMNhVqR3iQrzCNzMC6uizIVi7t6Mx95+H1bX9jVQEc9mzy4qGVs8cNCpTyDg7R2SVAOESD9Z2+q6tQc/+Kne/FFalOYSiYWi0+fVYte5Us+w2HI8F7vd5P9RofXhx+ZmFT6nzaVIHBOuisBJShwqhq97qfnVo3gfAlcpwsyLJcFk9kLlE0/ShNN72t7R3BYMD9IcswnbzAt5AEKI7jgBO4Lh7zWwQBYuXl5cmFK9rmPPJC0zNpMGmaJozIAlCMBqpBA0ezoGMWXCwP3z2t4upZk+vIttwhHcs2JM969Lktz0bVPK+TkmzKDpqeBFGQQDWyAIIXKDUOF53SOO+Yo2y34zwu1zA1BpnyTKVAn4iwLmmaxhgGQhgxRmtbu1hTW6XabJY2t9v1ocjDEoaXPvHYbLuInsILn0Rf+de68OkaMkHCGFSEgMEaHl5XvvLGU+qO3XMJlUph97Id0Rsf3ZW+UTQsYLelMlcdVXH8qNrdacyl4+AtUAKEg7fVZ84kwat5q1PvqRlwZihkP22E/5ZZDc69rs+f/iT5+CurOi4RWQZ4WjURIzBKPg8ThtV/fP1Uz8T+Dedj+co8p4eQTg3Z1dZ2eUXA/yRFQw9CFGMaeo1maCFN1QqmiTeCCS1ke2Jzl3nOa4u7fqhwBiCUB/KVxGACy7gAOLXIgszmFfW67wy9/ISJjU8e6iOv3pWccttf33tNk1hXHiPgaC9QkAAKYWCxAZgNgqkm4MxjA8+OqXM8Q9NcuYLYaYIIoyw842Y4xmBYKsOyYpRluOSunS2zamqr3+UFdq3faX0QADr776S8sjrx7AufdJ7HCRYgMjOaCUAhFYbUBJr+38zg2L3lPWxpzh7/2PbI04zMMYiNpS8dXjN7UN2BaywO1RZH+vklQDgMDzc3N4sORy1vmlFEuBT31VRrHA/duHPX7Eqfc5GakQOmKEkOydYVtODmPYVZIpFUPWNhiOTT4G2trb8JulzzPTb+WRYZCYZhOZMSAyZiVZEx2+x2e5ZkQi5a03bGvOfWPV/AIs9hE1gEYJCdetYFhq4AYm3AagW46qz6G2ZPbjwg3dmez7F0U/KMv/5zzasFGgNSs2Bh7aDiPJiUBShUAMw7AGsF+P7pNf9vdrVwR07yORCNnJihR6pImcExNMUzIBPKNFXT/J3dPceWV9Yspnlpmc9peXTPXRQSF5F1KpQuyBXtBceISrfwSWf7zkkD6gYsGxyQlu9PFr61NeazWHB2f/44DJcf8ZeWAOF/4GKydRfXaV9DwLmDbNtha9BSZoP0vtKacXu7lBKEwR2RyE1WKRiE3o8rAAAgAElEQVT2OR3zEKdETdm0IX43C7Ou64m+6sNFq9vnPPjCpmdyJsORDB4WU6DjPOimABKnQlZH4LPa1MvPbrxixpiaJw71kT/cEDv7r4+tfiEHQOoSwcJYQUcFMGkRWJwGkBygyzm46JTQbeedMO6XZPZkmmZQZ5iAhePKNNMcgwxcBSzLqAVtQKS7q64iVPk2zwvPBJzWf++rP8X8DTPhqaz0thOWqZjL5SGamYfa/9L5B2+BEiAcvK0+95nNzc2u2traHJkWE0AQBIHbnyBLUd4MoYGZrHZ1HitCwGO/3wpcs8ZxisfjyYXDYZFlWZp8BclW5Turtl30yCtbH0wbjEDEXVmTBqBl0EwRRIoFnaKA1hS46ryh153yObYdl27smnPvs5uezAEWEdKB1jlAWAZgRRAQBWQZIdIA3z2j8bZjGl23Eb0Jko+QR3mHgGkHRfENBtBHAc0HMrns0elE1FlfVX4XrZuLHH7/tn0ZNhLJBU0uI1R4Koq7BTt3dgx0uSq7vV7q0/jM53ZK6cK9WqAECF/ywCgOajMjlJeXk+QbKpvNelKpgrO6Orhzb7cmWYfRaFSkREdFKpWfkcx3DAxVVjxkw3w0Z+QsNhbyhQJDZObzPp+vsKM9XbN6R9s1zy1ouSGLWCBxfyJ1yosGEH1aXWWJshrYaQxnTS2/78KTBx+SnBtJenp7ddfce59eeU8WG0R1GVhDAkzLQKgUkCoBbeWB1gpw2njP0lnja66z2Ww9GMewaPIGonUHzVh4BaEGmmZ98URihqrkherqijt0Pd/u81XtU7quqys2mLVyZsDp3E6AryOaGWACstX2ch58ya77RjZfAoQvye194inN4dzkoJPeYbFYSF4+SRG27mztGtxQW7lsb7cmcQny/wWv1yZnMo3ZnvzI2tqqf5smIirzLpYVkxynK7KsBzL5XG06yVfsiqRmLFuXPFM2MEvUmLGGGZbXcrKMXaIdpzSsmpxu4tlTGx8dUe14s6KifJvNRnUf6NHJlD2ejk/c1i7PeGtJ29Uai0kcUdBlRhQEnZClAMMTDuSc6BJENGN08I2GgPCOxEumx8+stVicROKe1TRNMAzDQ4KB6XT6JFU3BX9F2WuUxuZ8Pss+AaG9PTzebpe2u3pFZ0h/27u7R9iEYLvbvTuJqXR8sRYoAcIXa89ia02JzLGywVZSikkj2hDGVrqIOKwCkPUA2NG2bZtHDxo0bL+lzSRBp6Ojw5mKhQfbXP7VtbW1ZEOBFPpQXV1dQ3uSuYmagVFdhedJhknT3QnLgDxCnMBCwTQFBrEq6myNT6oO1XzCO6UcZ1K8X+K7NFYWursSs9w+26oqz26q9r0dsVisMhpNNvp85iqfb1C+OayEeJue64jEG6Od8gifT9wsWMQcKvB2jVasGARbjY/eINF0vrk7daFmZLxBd/VmC5ffxHFSpyiKhqqqXLQ7erxgEdptNtt2JElm0PafWos9+9Ha2jHDVW1f4wAH4ZUoVmCta41/qyWlTff7yla6QG0bWiku/BJc+I1tsgQIX7Dru7PZwLOrWp/ZlTDHIA3BrMG+B08dGfptb9mvnXADtra2jqitrV20r1u3RaMV4YQ+QQELH483V/uD5VtoitIkCqm8qRlqOjmQ4Tjwl1ctsynpqCMUSsEO4KABtF4JtaIWw5o1TceOHj14KblPf6KUWB5X9sRaJnOGwDfUlb/Qnw+RnBcOR4+RlUKZw+NcHXS5PrO0ITsA4fbU8BGjGz4T7e+bEbW0tPC8I+iX1Z6je1qzp1QEHW8VTJ5WGVFUDCYYi8fHOuzCx1Ye2lwu567GgHWvuQJk6dTeFTnV53aslCQp2heAfXVzz73/2tIzFzMWcNKo+8bTBzQQzoMv2I3f2OZKgPAFuz6Nseeuf29fuSVN1QmMBY735l6deVTNz0Qq2y04HJXY5F3JcPvQmvoqMmsggcbP1B5HZbl8+dbMLxes7bwogxxORSey7hzocgJCVq1z6rDAnQMrnfN9lB7XBUHTeV7kdV3N5VxqVdVu3UJC707+tXl7y1ifaIkF94hX9L68bLwjPiaaSwypqQktkCQpXCgUylu7uk8VOLEQ9JUvtFige8/+dXbuqIp0mgNHHz1w8b5qLEg5eCzW7gPNZV/Vk//JJ1taTt6VMCopRxnkCyrYWRPsVCY5vKFyyWVT6s7Y0wUklVtRlGBrOHqFN+R9lTXpGErkUQEj6d2W+J8XtuRn6yBCnccevmFcaGAgQO1zy/cLdu8R31wJEL5gF7dhXPHcW02vbUsbY/KMnZ4dEv4xvsb6R4egd8kqnq6AZWpXW0t1wGVdbHM41nBUJkbTosrzDsPlEiPptrT0Qcq8/aXVsStyqgkMQ4GJEWBDgSqvJX3Ncf6JA8u9OwF20OGwlbHb7VZd1zWPx5PuLaoigUsX0WbMZKIeU8GO6gEDVuzlpRPJzKArJY+NhLtPt1qlbqQjyiJxO6vKA+Rl/4w2ZN/1GzZsOFFk7bkGsWYN1AIhf9krmUIxCNjRIUiS1/O393Z9vCtJVeqYKkqwAUnhBg6mDgws+N708lkkthKJRASKEoOapvgpCmyZPJrWk8geV1duf4kTLU2MADtpzpn/sCV+44JNPdeYnEQFbFTb706srf+CXfiNbq4ECF+C+9e3R6cqIHo1WnCX8bC2wc+v6v1y8wAghcPRowTBjHtYS3ecFoM6UuxyHlnttNaayWTE5c3qzQt2Kt9CjADIkIEuch+a4LeLyasmuSdZOdRms9mKFM+6rhs8zxOCV4NIzJO1Qi/dGFUoFMT2hH7G+GHV8/bFapTC2J0Jx6duamq6yut0bj16zPCbqP1MwdesX3Om2xFos1r57X10b/syIfnSd3TEfY+uSX+4I2rWEs1KMBXgRA6QjmBSJf/hySOd3xdpRmOsrCoSfW0ogNvN5nM5PZiRlfqKYAVZWn3KgESWNDui+lGY5hQe51O1fmspL+ELHMMlQPgCjbm3pvqv3QllGuFjTCaTXsMweL/fT7YiyYtNgoVFGrJEIiGs7IIfPbms5Td5gwWBNYEu1j4gcFrpwjXH+0Z5edzFcRyrqiwPIMsWiyEahoUQvdKEZgwhROTPsSAIemtP4rjhA2re3hMQiqQqAHRbV8/UfCFfUTWg9u1UJDIsl1e9g+qqSbIQ4Y38L+n0FStWn19ZWbaQpulCWVnZftfuZOmSSqWsf1wU37wtYpYzNADPAuQRAEdTcPJA2wuXTqk4txcsyQ4MGY9kuWNGM5laStMon89H5N3J/9f3R2n/JbvxG9N8CRD+B67uJ91GXkIcDocJCPjLy8s/k8NPukKyGt9YF/37/K3ytxDvgIKhAY0FYHQdPDaAG08uG2j1F7r0Dh1xHEcHg0GNKE6Ta8lWpQ0Aq0QngmE4AYuopycyYPDg2mV7rvdxGnvWd3Vd57FRHzud5SvtdiAl1lRHd2xyJh0PlQcCSzyez5YPky/+2rVbTq4cNWQhRKNwoPRgAgjRaIv3vo/Ut1p69JFmvgC8wEKGAAJDweSg8tLJI8su7N1BKRLX9sY3uHA4N0AQtM7+RWL/A1d9429RAoQvcAiQ2UDv16xvcBNx1P9iMe3o6PBms2qFz+doEchnXI9oqmo1slmlEVjMt2T4U99Y0/H9jEFbKaAYnhWAw1j3uqT43JkVE4M2G4m6/9fafY/ZCNuaB3+ks3OMqeYpp9vVAYyNFygzj7Md9p6exNG+qkYz6ODnk9kK0TsgcQeGsRbS6fiAnlhsvNVlW+sUA7vShmLlJD5tFHRXJq3UBap9Ky0uMXYw0X1CC3/P2x3LdrYlh4osC7qpQR5okCQJZjZK9w/yFJ5gWBHxNDLcgtAukEAp7fLFYj21dl7bUlW178SlPtf1BlHJWCbPUJJsO4wxXQKEwzDewV7an769PRYrb+lRZ2Z1CHkctm02iekRc92ZQqFgE+1udWBd1ceESn1bHIarFLDZSKzGbreFdSMvaSYXnNTg+MeB7kvut2jDrhs/WJO8NIaEeoHScwxLsgZZ0YMzkeMbbLcNrPB9oAqORhtX6DRNUxVFMUkSiGiaJlmQGVKK3R6JjV7cZvn5zni6nhFElagiIMxJkt0WHVFleeHEse7fHgwobOoozMjJssPudIR7oj2NlRWVq1QD3D4MawnNWUdHPFQoJPyGIct5bBu2KSdcFcurtXaqsHlGlfeG+vqK1v09czHVm2VpwzDQ/rQ0D2S30u+712al40u0QO+sgSwTRMput7Ym0ElvrAv/PpZHIZExY1OqpCeGB5mnvA7HLgVx5ZV+x9b+3WltjdTX1AQJTwDs7E6MqA+6CSsTiR3uV4Ptjaaev7z2QfT6OAUgIBUojoeCgWGQC7Vdfkz5jAFKuj1fUeHJ5/MVNE33AMmYQsgg//TGG8iWqP3plenn1rVlj1MQBg7lsYmJPCyvThnoevLKmQMuPxjTtff0NIb8/jbCmdja2uquqalJ9pep790dISnb/Ibu3Hdf3CzPi2EenCKCcwf5rhhi9z3Vt6W6t/uRYqq++ElpiXEwHtn3OSVAODz7HfLVS1tTVzyytP2hHGUFG2fC94ZI504eWvkieclj+XyZ32rt6t/otuaeUQPrAkV5sh3R1FgH1jr9fj9ZMuxTUIGA0EtNyfufX5S4gmE1YIw8aEQjUrRBvbXQMnd6zTEkOh+Px0MsyxZTpTHGJkmJNk1BL8qlaZqe8/n0J97cuWpTGIbmTaKRmAeKYQGbFpjaILx4zbTycw5kgM6MMiifyFoba/1FoVUSzOw/rSezmY4MuLlCRCVByo93xM58YnX8lRiygIhycNHR3nNnNAZIzsY+j3g87iCAgBBCJUA4kEf2/3sJEA7Pfod0dSKBnWsS8hWvrdxxk0zZXSbNwXVDtRl15Z5VsixroVCIbK8VYwPkpc7lwJPIJAdWV7hJHgGJwtOdnZ0jnU7nTrvdTr7q5Dyy1VicLZClRt/OwL9W98x7ZEX2WgvKAotVMBkraIwFasR8xw9n1U+s8lk6SXoyIT+1WCzZfD5vI+rVRBmJNGWQyglF0Z9el3t7dZs8WaNtwCANMKJJDTRMqeZfnTtrwFl9YrJ7MwT5rXVn67hARU2bJBVJUPYpAEGAoiMDjtZY/PgVLZEfdOWgHiSn8N06c9rQhuot+7u2r4KURCRJPsYhOaV08mcsUAKE//GA2JkoVO9si56CeY4Gk2KHubmXLRYqS75w/Yt4el9wMdrRURWoqipW+xFAyGTUukwmMSAUKifFUSRDz0o271OpVCUluZh4pK2Co6jUx+3mL1/Zon07TzPAaFnQEQWcKEKjQ++49LjA1IHB4C6ShixJklWW5aDNZovm83m7pmlQUVHR3tHRgUOhELpjfuvy1S3xUYQEhTbyRQVmRAFMqhXfP3WA9AOaZrM2G6vxvE9xOIAUPBFlpuIWYk9PYgItMJrkdHZYAeIEaJLJpLX/S9tf77HPFSQmYJpWERwAIYeD8EbsV16KLD8ikQjJ8YADbYX+j939tbtdCRD+j11WFENJpewulyuzZ1yATIVRoVDmD4WKnAG90XSuPRI7QaSZpN/vXteTlscbcsKr65TdYCU9UOl9w0FR8fc3h3/26KLttyusFzwSA5qqg45MGGBF0TPHBS4tc7Of0JLLweM01jSKKCuzPM9HTdO0y7Lm5HlrRNNSjkc/KXy0vUf2EECRWIQ106AIkevUoyrfO2Ni2emWLEiqmq6WlXyNaZoSLwgpm93SqanImszIIwfV4n8AlJPofzHzkWyr7o8L4vO6g8xGSrsMn9d6/7muBAiHb8MvpYXWlDY2lsdDlJxc0VjtftkvAEnQQem0UpvIJk/obO+YHfD7V0s2sdnndC4kBUA5AIcNdjMxrd3ecW6H4ZjOmnKE1tRMNpurZwQb57LQTQFRWclRVNbi8wFvGHmr1ZpTFIVRFMXP22wyY3JKT6p7gpzOWVXRJ2RUypNIZ2tCZd73OIbTcoZWw2hpetqI+jt6g6YkxZBs91FZTaspZLOhHS3tFwgcH6uqKn+CEcW4V5LCW9PG8Zs78pfTpp722qU1k+uK9GmlbcIvZQR9vkZLgPD57PalXkVUi59/d+fCpoRxtMTS5vAy65oJIeGPVpyKckBRdk8gFUvLJ4iS2FXmcZKsQvL1JV9IEoNAPT09tryuNzorKppdAIRdiN61a0sdYq2cz+HoUpSUK5WSBxVAGF3lcy0wTZPjOGuGpmlB15WBiVRitKIZfCDoexp0fTNFUdZ4PD6w0mrd5K6rK/IQdHd31wV1vRtCIa03vkFyMHTydzKZHJTPa4HKyuC67u74AJNhNKzm0Os7lAcWd+JJNIWh0c1svf7kARPcAGRmtG9xyS/V0qXG97RACRC+gmOCZAT+7u3mHZuTdAg0BaY0eLadOtZ/co1I7erNaaALBajo7Ok4qTLgnS9JEtFGxCSgiDG2trS0NNbW1pJAnBqNyuU8b6jptOLO5eTK6urAVpKApCiKO5HIHiMXctXBssBygRUzqqo0RuOxqaSeqrKy+mmEcIRlcbgjEqkRJCnnEIRwX/1COo096XSkwuOxRa1Wa09vlmGR0rGlpWVwbW0tEV7J9jfvs6vCr7/VYpyu6yrUSoXNv589fGRphvDVGoAlQPhq+aPYGzJDePadjW83xdCxNDLNyYOCr3/76IrzSPpxLyA4SUBRlmVfNCGPrK0KLCCAQK5t7ew83io4unw+O1GUNiOpFKkGpLCiSNFodGAwGNygYWyxcFwS4wLO5pmZ8UR8Ks8TBQeKaD50u73uhViHBEJIE0WmY9f2LWODFYGtDGON9U9XJvGAVK4w0e92rLXZbEUGps54vEpVFEt9ZeVn8inIb29siNzx3vbkFchUlWq3peniGQ2nEy3Mr6ALvrFdKgHCV9T1a7tyM+OacBTD0JqPKWwdXmF7u39X+9KUN7dEzrJbnBsFvxDOdXQM5ThrIRR07yBTd1K1GI1GBxGtxWKdQkd4Snl51Ts6JTAWFqualqFZi8XS0R6+trsrPMrr80SqqyoeZCmqg4ABTdNyToG6VCJ+VFVl6I080WP02rb1Rf3JbCSS0+qyyXiF0+NYz+lWpSfRNnxgfTWpnfivxCmytbgjDTU2BjIGA3yVhdonfdpX1C1HfLdKgPA1d/H8TR0Pvt2iXGlBdM5nV9tumDp4ZBiAL++NJ3QmEsfylMQabD6ai2X8YORjDQ1Dt6ZSKVvaNMuT8fh0CwLRbrNHotnsFFbgO71W50uiSHeS5CRVzdbldcNldwfaOMPQ9kaD/uxHO/+1KomnGIjmBtvwkiun1p9yoK3Cr7nZj9julwDha+7aZzem//XyltRpvElByKlkb5vV6CKP9GmyUjLpknVdtBpGZoesjcwzPBu02Lfm8/ky1szIeYqqdtlsMVF0ybKaLsvl81WmrFGS09sMTns6E5MbKV02RwwMEQ5IUoL8X1/+h5a2fbyoUxuPEQUTfNRHN8woyq2VAoVfw7FVAoSvodP6d/n5lV2vvrY9ewYDHFQ7zczvTm4g7MbFRB6St5BOp6s0iiIUK/G3mpIvbIyakxwCn3BwWvz4auHigNtaLBwyDF7CWM6SZUAikx+1JWb8cHNSH5MFxhPi1XVnjBxwRrX/s2nVff14ZFn7wnc7tBmUacBEP/X+tTMaT9qXCM3X3NxHfPdLgPA1d3FLV2zIyh7jtzTNmTYJt8xs9P2y75EwxmIikfDLIjL5rJl+aWd2zaIWo9HJsBDyGt3XjvQ2+v1+EmewiqIoRCKRXENDg55KpRyvbUovebctOxxTVhhskXedP6F2UkPZ7nTpPY+Vzckzt8n4XNoEvU7S3powsOyZr7lZv7HdLwHCEeD6fgQs/8W/QOoVkIhMf1ROPdBpfrKo3RzhwBRUBVDLOTMGDRpGUVpzMxbr6oopx0W2ZpL19+THne8uastONgwWBtu1tnNHlx3bGPJ2HAHmKj3CfixQAoQjeHiQFzydTtfqOqcoSiK1Nin8eUscnykgLe210xtPquMv9/l8pB6C7Eh8Wi9Aagma4vT1KyOZy1SadVdLxkfH1fjn1le498tLcASb8hvzaCVA+Ma4+tAelGwR7szlPCK2mXQOChUVVJHzsd9yhCQhkdJpEjws9Ku4LM4yDu1upbO/KhYoAcJXxRNf8X7sFnAJE41KQrxKyGKdAHo5EZ4HkFQiJ8kBkLwCQrxKziE7EqU6ha+4X/fsXgkQvmYO+7/ubjKZrEEIzQCAEE3TKdM0yTJiq8/na/q/7lvp/odvgRIgHL4NSy2ULHDEWKAECEeMK0sPUrLA4VugBAiHb8NSCyULHDEWKAHCEePK0oOULHD4FigBwuHbsNRCyQJHjAVKgHDEuLL0ICULHL4FSoBw+DYstVCywBFjgRIgHDGuLD1IyQKHb4ESIBy+DUstlCxwxFigBAhHjCtLD1KywOFboAQIh2/DUgslCxwxFigBwhHjytKDlCxw+BYoAcLh27DUQskCR4wFSoBwxLjy6/EgvbTwYzHGJ2KMF/l8vie+Hj3/ZvSyBAjfDD9/KU+ZTCanAsAohNAoiqJGkb8P4UYJjPGVXq/3pUO4pnTql2yBEiB8yQb+XzTfJ9ryZd+LULLFk91zJV76ia6YtdigAfO7mdfQbuEoYBgGKIqoTRvA8zwghAj7M9A0vVtKHiEg2o4UoOdMTbnXE6hY8mX3u9T+wVugBAgHb6uv7JnhcNhP09xklmVG0TQVMgydZ1lqBcbm+x5PcP0X2fFYLPZdhmF+Ypp4GMdxYJo6sCwLqq4BTbGEnLH4/wgwmKYJLJiAMQVEQh7hIiAghmEWsRT1VwPjZq/Xu/mL7F+prcOzQAkQDsN+GGNCTvpfwiWH0eRBX0o4DwHAJPyFhBTVwTocmMEeVTfLOYnKGkY+pwDKVnor2w+60YM4MRVNjQWOG5tTcueJFjGINdODEXKIgmSqqmbSFFYQNhVJ4toLikqLLBVBCHJAs1lMsYphoJRJUSsZLLbRNJI9HqntIG5bOuV/ZIGvLCCQl21DRB7mt+JuQdc1mnbTKivzAas1eigvIWmnNZ8PMoZFpSigsnLK7mONeJ+K8aHaeVckEkymTY9oE+VUKlfr9fjbA7yY8Hio9KG21Xf+js7OKl2jGRWZvJnPiZglTOgYmwYlkD8Rg4jUOmDEsBiZIk3TpsPmjAhuS0QoFLTy8nIzGo1ypmlKFEXly8rKZPLc5Jo+W21vaRkDlEBk4wEhjDCPMaVRFMuaJibK0eRUnS5egzjOtDCsxrJF6bZEf9GVeDzuYFk2YDKMhEzTQq4Dw7DrOrbY7VKXIite0SpGcoV0jcDyGYricrmCFkxlZX80nh3c2hmZ0BONOXRNT2CKSXucYnttVWhNdX3VCm91WUsZRRFOxn0eO9p7GgAEMExsMqypiyLGVT7fIWlEdnd3W3d1xwdaBFE2DYbREEg2GgpeL99qmiY2DJuQSMQHYAulOV2BbpahGEORrQ1VgfZDFaBJpVLumGzakGFwOmcacjLnIT6t8Dl3ED993jHzZV33lQUE8sBvrOq6/s2thf/HGHoKAWfxiLhz9lGOXx09yL/wYAg8ib7Aws2xb72/PnqDbLAuhAxMM4iZNSp026zhrocP1aikvV/9bcGLTW2xEawoUCyLUUGn7I1B5v1Lz558/aCqQxuY5KWd/+7a2fc9+o/b0wXDRzMMYjBCLENjVdNZYFgOEEUkmMgCnC6u1BGiOY5DLpcr53K7ctMmDHlm+sxJf61wOGJ7e55oNGrf3pmcevtdD86LpQsBbJBXgDEpikHAcoyBNUTW9r1H8Q+apjHLsmRqD9UBb8uIoY1Ljz1m1MtHD6n7mEjM78tu/WMZGGOJEK2u2dl94pJlKy5csmTpybvaOt0FRQcELFA0meAQlNNBEjhdEoR8fXXZrmlTJj0zacyw+WUeW7vb7VYI0Pn9/nxHR4crp1G+ux94/L7NTS2jOMGiGxhxHJKVs8887b5zTpkyz+fzyQfzsbh13pO3vb/0k+/oJuYMluYEA+jjxw1++Vc3Xn0F6dK7H64++c77nnooZ2qcltdNi1U0KFNnzzxl+gOnnTl9HpvLqaFQSN2HoC0VDoel8vJybdX6zWNvv/vxebGkXEG8xtAsICRz40c0LLj9Nz++kKh5H+oY/LLP/0oDwsPvN9/35k7lakYrgAIW8PJK+rsTnedPG1b31sEa5q1N4XOfWtZ2Xx5ZveQajgV83sTgT88a5r/zYNvoO++t1V1z7nty2WMxlbYDjQBQARDvBQeOpa47f9IVp09sfPGQ21yy+YRf3PLH17MGI2GggUIaCCwNuoGA4gTABi4G5chLSwJz5G8SmCNM5+SFtdIm+P32tisuO/e2s6Yf+9Ceg5TIuS3ftHP8NT+79b1MAXMsRZO7gKobgGiOfN6LbfeBAmm/d2ax+54mBp5H4LVz0TmzZ/zjnFmn/LlsHwpO/Z+9HWPppUefu+PF+R9+L5XKSAVVA4oVigHH3ffYHWSkaBpkWQaLJAADOmA1DyOHDdhw9mkz751w3Njn6tzuFFkSVVRU5AmAPvHKO9fe/8jzv4/Juh3TPHBmFupCZbt+dO1lVw2vC3x0oK/u64vWn3H73/7+WE8y60YUAh0D1AU8PXfefP3J44bWru57hh/c8tDLb7y75CxBsEJBUYChEVT67N2/+dk1500/eghRt94nozTpZ0sL8Pc8Oe+hN99bcRFCLLCMBTS1AJVBS/THP7zk6tlTjv5K7q58pQHh0WU98xat77iWNw0ocD6wUPnU5ePsp00aXbP0YF+8hRu6T3tiafh5BSQJDB1onoJvjy/7+exRvtsPto3ihwxj+qYH5r+4dEvqrAIwIHIIkKKAydoA52WYOqrq5cvPHv/9xnJ79FDaffWdD0/57Z/veVKhre6CrgNlKCCxNJhAA6J4YGgSpDOLIOEloI4AACAASURBVND3opKZQt+BEQ8Cg8EpQuGSC+bccfUFp/+6//0x3sR/tBaNu/ZXd72Vypt28l0mIEACfCbLgWD8BwB6n3P3h7sXGEyGB0XOgctpA1PL4dNnHv/Cjy+/6rJAgCICL3s9mpPYdcvv/vCvFWs3TzZpcXf/obgaKT4HQ3YZeoHNxBgsNgcoiga6roPLJoEqp8HrsiZOnTXzqUvOPOXmUMgR77tRe3u7dP8zC/7y2oLFV8oqFOc2lJGHmVPGvPbLuZfNra72d+2rX7siueDPfvWn19dvbRtv0jQwDAYrA5nvX3b+b68676S/9L9uw/bIgF/ecudr27uiwxR9N/iCmYdTj5/wwnVXn3dNQ1lZbE/9ib4ZEplJPvfG0nNun/fI3UnV9HIMD0jVyZhRvn3OzHt+dc1FPz2UMfK/PPcrDQgPLI49+l5T5/cEU4cs5wMbzqtzJ1lnTBp+8IAwf0PX2c8sjz5lUKKIVBlYUYCzxvp+ffbIwB8OZnrZ54zlG7pm3vnowvu7DaleYwxgTRWsJg8aJwMHLpBoFL/u4imXnDCq7K1DkUJ/8+0VJ/7mjnueT+qMC2EGLCwANlQgC3uTFgAMtTgzIP98elC7t/LIy1WgBbDxLOi5DAQdYvbH117+kzmnHfNQ/0G09OPtk37yu7vnxzKak3zpyJfYAAw6RQND7Z519AHAf0BndwsMZQCmWNA1CgRWANBzcOE5J933qx9eeM3eBmpbNFpx258efOS95ZtnUawdDNS7wqAQcAxr2K3WbMDn3mmR+BxZV2fkgr87GqvVNOANsi1JdjEpAxhsgiBy+NIzpv1p5tUX/ppIzvXdb932jtBNv79n/o6O7uEaZQHOVEBAaeX7l5x7y9xLz7ttb/0igH7L3x6544VX35+b1ymBF1gwzAKcMeno5+649UcX7M1nr7z+/kW3zHv8QcUESQMKWEBg41Hsx1dc8IvvzJm1zyXnli3Ntb++46Fn1+3smUBCvwQMLBzGo4+qfff2G3/2nfJD/GiUAKHXAo8v7p73zpbwtRpNg4losAuSfuU460mTh5e/d7BGenNt+Nyn1qSfMzWzuBwXAOGLxnl+OHN0xT2HojB085PLn5+/tOMcOwdQMLOg8QaImhfItFOAPBgcCxOGhN687uTjzqmqoohQyUEdry1cfuKv//zgS4qO7CRMUNANmDCk7r1Tjj3qpbSquFjBrmiGLrI02ePnDU01LNmC5m5t6xjy8eo14/MF5KBsXsC6CpwhQ11tdeTem2+cUF//H9m1D1etm/ijmx+cH8/qLgJkOkXBgOqKDd85YfQjOs0BIExCF4wJmOZ5TiMvTyaV9SZSyeAn67dMaenONSBGAJoyi0sYj9eu3HbTNWfMGDfknf4PSb6Mv7zjn/e88K+3ruAkHjRFAJozAamyNm5o/dJTT5z8zLihAz/yeGzNwWCQrJ/x1q2tobZId+PqtZtPfPuD5ed2xgvVJs0XtyrJkkJidLjh6m/94LI5p83rf6+3P1g1/dY/3v90l0wHKSkHYLLgl7yFu3//w8njRv5n6t93zesLls655Y4n/pnWKIuJcsDTGtSHqpruveWaaXV1dd37ctYPfnvfUwve++A8TIvkMwAcTUFdpbvp1l/88IxRQ0Lb9ryOBCzveuydu+YvXH6lhrqxQgUowZShzAktv/35dZdPP2b8uwc1MP6PTvpKzxAe+yBy78LNPXN1dve02cbwyrWTHCccPbzyoJcMC9Z1zXnsk/gLuoEoE9PAM4AvPSYwd+aI4AMHa/N1zd0T/vjoRy/ujMshjgbgaQaCASGOVcCdKcpHQwwQWMBv47pvvHjCaROH1Kw62LbfeG/FCb+87d7XcgXNQgTQBKsdLp5z4m9+fuW3btlfG83JpGv1srVn/v2pf/16Y0tPnUWSgDE1oBmAX1x3yTUXnjn9vr7rl32y4Zgf/u6+N1N5w0XrCgDD4eOOHfvCrT845zISsNtHcIyJxWKWNdu6Jz3wxAu/27StbTxGFGAwir64+OxZ9/72houv7d/H+R+umH3zHx9+NKsZ3lwhAxLnAYHJJ2afMvPxqy4749aQ4z9T/z2AhIpEIuRek//x7Ku/2byjbVKuoALDCcAChkE1nq2/uuHKM8cdNehTMZiVGHNLHnj65w888/YtiCJLLAw8YJg2Ydgbv/nRJef3jyVsa43U3/S7vz7T1NIzPqPoILAM2AWU+NmPr7r2vJnH7Fep+oM1O47545//9mhLOD4orzMgSRJQakY//7RpD/z6p1f8eM/A4KuLVpzyp7sfezSazASBQsAIDgAlkZl78Zxbv3XKcfNILORgx8b/xXlfaUB4fHH4vnfWx64GgS5OjwWKUX9wrO/EscMCB53dtmh92xmPLI+/QAHLKYgE1DBcflzF92cO8zx4sAZ/4LU1f3n+7a3XK5xenBG4QcyfPXPkHzleNx5+velWRKWAMq0AigHnnlb3hx+eedyvDrbtf7+74uRf/Om+l1UDi7qqAf3/27vOqCiybb0rdyCDIigOKpgwYg5jzqijYhqzjjmCmFHBhCgGFHPOjI7OmDCNOecxISoiBlREyXSorjpVb5129Dlclfa+mb591yv+6Fp9qvY+3z711Tk7FU1Dvy5t5oSO6G7RPTbEHg5etHFXFG9CFE4Q0hkM0L6Rf9yyOePbYh1wduH5G7frBYevOphjlBwZSQAeCVC/brW9GyOCOhW0S8LX7z5xrtuipbHLMrONrhJlAILUQAXvEjeXzx7U4MODh52I08fO2H/uamIziaaBJrEXhILurWou7Tlh+ATfr0QnPsXqanyi3+zI5TuTX6b7GSUCkMQAg3jo/2O7iEkju4V+OjYhJcU1auHWrecvJ7WWVSRQHA+sQMBPPQLCx/zUZcaf82dnL9kRuXXXoTEiS5AYI1KQUd/ANgsmjeo6paBjI3bKbt51aHDMup9nGWSVsx47WWUEHo7Mq8lBQ35q2cjfHPHCeSEJz54VmjMvdsfl+HuNOC0FvF4FIGZCk3r++0NGDhxW9iv+DUvXyz89zqYJYePZ1yuP3nk7lOQI8xmXlkh5ZAPPdkU8yYvfOTllWgLOyVuvOq27/DKWpjjWKDNmYulfz31MmwquMQU9DPj+L97pi4auOH7iyRtUBlG5IFEylNJwD2aN+KElqzXlDY86npihy3UhkQpkiYSibuTDGQMaNrHU+AeOX+wwOXLVLomgGSTg8zoBg7q3njN+iGWE8OpVjtuIsMgT9x4+ryTjtGFGBeWLOtxfPTek5p/5CMSl2/drjJyy5Fh6Lu+oZWRAQECdGhXjwoYGdi5RooQ5N+Frf4np6Q6TJiw88TDpbXWeyAaJUIOnfeH0jSuCqvoUfZ/4dOz8H21CZy7ZkityrrwgAMcIUN63xJXl4ePbfeuZec+BU93mr9q2NlMv2gsSCVpGDd+5ax7PCh9S19/X9y9O23OX71QLnbP+0Js8XWGBEgA7X7wLubyKmDqyfe1KPjd+OXG9S2TUyg05JsJOwjNHPFQr63M5KnRU4NcckB/wwMen58+zHVds2Rq9+9iFPiTraN4haQgTVCpb8sLs8cMCS5QobHZ6zluyOWz7vvNT9TiaSGBZdlCiEEqePGFM7yY1Kli8qy3IHv/k7zZNCBvOpK4+mpA1mKQF8xmZIyhhWIMiHbxdiDMFhZf+fDvQJ+Lf9lx/PmUjIcuESHAgkST0re0e0raiy2JLCGHb8TsT1u77YxaitKwkCYB9W4F1Sy0e263+WCwjfPu57ccvPulB0BTQjBoMeTwMCygf0rddlUWWGO7wmWttxs+K+U2QSFYSRcBe98HdWy2Y9A2e6GFTFh06feVWa6MAQHIa8Halnq6PHF/X29v7NV7Q124lVhoZFn0yLVPnrKYlcxZS/TpVDq6dPbaDJQ5QHPabFbNr69mL9zoJVC6IshoKa53ztq4IruJbvHgSnufMhZtiduw/NRLRGhAFAziwcnZI8E9BfQIabLIEh3xHCGZY6OLYYxf+CCRpEmREgR0tC9Mm9OvQuUXDQ/nvt3rLnqBlm/ZH5IiimlIxwAg0fO9f8XivHo1mLlrxy9KHyc+qGBABLKUCd3vy9bQJ/Qe1qlcrzlK9cPTgys2kKjMWLY999DzdF4drOQqAAZEPGtBlfOWeAatyr9ysNnXmmgPpvMnNKAqAj38OKrVxzIC24/t3a7/KkrwZS/X5J8fZNCFsPJu6Ju5h7iCQdECJenBU2esH1HHqUqtcMezJLzBlWJYTuQPxhYf/ci1tkWjIBkQwQLIc9KzhHtKuknOBD2x6uuwwZd2B0/Evs6uKBAmszIEzp0+dNrRFi+qlitzFhjl952nrhRvPb0gXhCJAkUAhRyjrId0c16dG+zJeXgVm0B04fqXDxIiYXQhoBkcS8KQGdm45b/zQbpMsNfyQyQuPnL50u6VMMWAUEfgWVj/dtGhKfS8vr5fvF/ODKqPClp7I0iFHFSGAQTBB3ZoVT80f36+dJcSanCyrQhfOPnLjTlJDRJuAZuzAXWuXuj4mpCbeIWAZfUfPOnHuelJDxkENiDeCj4dzwsbVMxp8KWHqa3PDJLb94KXucxav2YpIkTQaEGhVDPQObDFzyvBeYfmvxf6EjZPm7zh+6V5nEe+ABBbsGQ14F6UTEp9llwNOBr0Bv1BoIah/9+kj+gdEWoqt+cUSH89C+fLytr2n+s9fviFKkBkHHA3Bx4+izuonY8b2G7Jn99HRl648aofTsRDOIREQtG1e85fRfXoP9vZ2yrbk5fMtOv1TY22aEPAO4UhC+mASR5wkBCznCI2KU0sLu9vdAYHHzj0eAOlkghQpCVGyOZsPQCJIgcIpvyAzCRnyDxeeo74snw3mUD7DQvcaruPbV3ZfUBCohy4+7jNv5/kNImIpgRRAJbHQpGLhHWGDm+AsM3MAPyMjw3HxrpubTt1/2UGQENjTjgCQx/du5z++b9OKf/GMf07eIUwI81b8LEgkh0TZHAkZ1LXFoknDe4QUpB/+HcfWR02OOPng0dPynFoNvICgRhnPK1FThzX28vIyRzvO37xbfXTo0pNZOsleQ0pgkhE0qFvlyNqI4ICCiBVHDg6evdVseuSyXwwGWcMDDg6QUL2017Vdq2fVwTuMhy9eFB0eNPfC8wzxO5HkQUtT0KByhV9XzB8baMkcPjfm5OWEauHzl8WlZea5IxKAlCVoUrv6nhVzRnf53MN14drtClHLtm659+R1VVKlBhlJZmLiOA70Jh4c7LRQvXypU7PCh3f5knOzIF1TUlJcozftXXjw9/O9EcGSRpMIakaWSngVT0pNfeetE0wMxWG/gQClijgnzpgwsFuNKn5/FHRfW/rdpgkB+xB+v/tqKM2RYEIk5CAn8ICMdFHFOBoEkaYZR5CRHj+YH3YL+F9MCjj33xzWcpKyHj2V3Cq4kob3pbgULXerXmhyB3+PryYmYWfS9OV79hx/bGpHmQAIFQCDwDC1f9OOTaq4H/3UiHvPPO6zeN+VjbJMkSSfByaKhaq+7qfCf/T/oaCaiYO/X+oUumDNVhMiNHiB4ZTewd1bL5g0tItFySubYuNGL964OzLPKKhxBiK+vl3jqjsXho3u/kHHi9fiqwbNWn4iM1dyZiUj4OThBnX8j8wc3TXwzwzA/81d/pPosJPs7du3qgePU6otXL1zRWJKWnlBlgFJNLAcCV3b1Fk+c0x/c5ThTkJCxaHjo06+0zNuJsgDSuDFId26R0wY2flf3uaWLv74tDS7iUFzrye+yC4j0gLgNIxqpctejl0xpf6XjjkbdsQNXLHlUEymKVclyHrQUO4gmt4By7qAgz2XGx0R3PhbIkCf0/XstYc1w6Ni9qRm6osJ5tCoAZDeHigGZ5YawWikwUnN8eNHBA7v2b7ZZkuOZJZiYo1xtk0I51JXHbmfPoQUCBA5PcjAgVZEIAoUgFYE4AnAHu2C/niZA07SmWkCEaTct47nqIAKbsu/dt3ZuykBszdfO8DzmYSB14CjVgNli1MXpvdq07pQISL302sfvH3ruWzLhd9uPMmoCSoKKBMLzoSY+VOv+sM61Cyx80ty8Nb4wPGLHact3BJrMAEjCtmgVrGmAZ07RYUM6fDVKMOL7GyXS+evtF+wfk90Vo7OUUKUmQlVpKybPnHEoM4tan0Mp124fb/C6HExl7NMSEuyepBNAL4lSj9p8H3l7Yysk1mSEpAs0ri+wYRkjlFz+uxcQ6HXaWnet289bZ6R/lZDkQzOUgCDiQcPN7vM6Jljm2OnHZ7bhZsJdcZOWXj0nd5oj3OpJIMMIYP6hwzv26zAY9mXsMGEEBoac/7Bo5TKBCOBSaSgYunifyye3Lfulxyh+JrwaYsP3X6Y9j2SKUByDrCUJFOSE9G+VfUNkZMGDfx3tu440vLhuvh4mb2XENcrMmbj3EzKrbC9YACRocBIUkAgEVSIFzo1r7/lp15tRlrisC1o7Vr7d9smBLxDuJ82lAYWeM4EvMCCHYjAm1gQVSKQIguc/PWCMQkZZRPtQGgxGSAB9AjBoEbewwL8XL6ahxCx8cT2Y3+k9xBYGZCJALWkMw7oXDu0d6Ny/7LIk5OTVWfuZk+IPRo/NY+kGJyvzyEE/n4ex0I6len0tXP64TOX20yYte5XgwlxJCUArj2s5ON9p76/X5xAywhIRpIQzndDJEWzSJAQo9ObHFNSXpe+dfdeNaNIO2Dfg2DkzTUQ1Sv6nJs3eWorT0/iY7z78h9JvuPCY869ycpzl0gdMKQKZBMBgpQuqlkP2mAwgL1WDaJJAIahzLUFnFoDPM+DzAhAc3bmM7iDRg2EoNP36xawJGToj1M+LNZr8YlVh46Zc15HMBqTbARGJKFPp7bzQkd3sdgPkn/h305N1U4IWfBH0rM0X5lBgFO0a/mVPjd/cq+WH45C+a9ZF3towJI1O1YiVs2aTCJwNO7XgGMqCFzs2NTIWeM6fF+59JVvecjyFWyZieH+/aceW347PPXnY5eG2wEJBrzzZGmgAEHVkt9dnRg0qKd/+WJJ/w75fItu/8RYmyYEnIdwNP7NMJZUgZ40AG8AKO4Ar0lZxRoJg4izakVa4wBmny4O2Jn3uzi/HWfiIwCZtKNy37zWqUuocLYjQqAXTdJPjX1Gta3g+DFx518W49Ms/+kxB/a94+liONVfQwGUdCHuzA7p1szDnvhsrcL9F2m+i9Zf+DXhTUYFYGlzAZGzxi53Upca7er6e535kvH2HT7TaerCLbEmRLAULQKPZOBkErS0lJONBAcaaFyNSOBKTXwPUZRIICigWQYEQQRBZIGhAFSMDE5qInX2jAldG1Ur85c8jTPX4qtOnLbsdDYvOoiQByAzQBNqoBg98BLuaiSaU6MlvPsy8WBnJgcDaFQqMIoymGTKXIugJQVd/w4tlo4d0TP80zLgu4nPSw0JmnXpda5QiOAI4GQCAurV3LZgxtDe/+6ivX7/qcfEadFXXufkevGiCQhEQrO61X9bOXck9iG8b9P0yd+lG3fLRURv//nB87RKiBTMCU2IB5ApBwAqAzSsWqpevvzvETOH9PoWR+cn9QnUp3JPXXlQffritfvS32R5GiURmwSc1HTemIG9h/fp2Oi/tk+kzRPCgbtpwziKBpHgwZ5iMlpXdgrzdnG7RZB6kRYlE0EiQZRk8wKh/nQq4v+TJP5FUl19a+p1NiFruCiQFE47FSQk9GzoPa6dn+PSLy3WBT9fWr7//LPhmHGQqAdnDZ3ZpGapnb1aV53mYW+fl5EB7Pt6ozdyXh5oOU4tZjCs4+646/Mv3klqxxPACQICluago3+pZcF9ao/+0tviyKmLraZEbtqdYxC0SNKDzGiBkUgAZASB44AWRLM3O38rMpyXIYoi4Go8CkzgpJFTp44fMajl99UO5p/XhWv3K4wPX3I6Q8+7AoUfLjXwPAKCzgWC0ADNspCnN4CK05jbnunyckDF0sAbjGBvx2H5+gplfS53btN0+Q/Na/6a//644Gjo5Ojr8U8zyhMqAhhZhsoli16Zv2ZWoxIEUWCew+fscOT07e+nzVm6L0M0OZurLgUJurVttmzWxH6j8o/HO7SF63ZtOHL2zo+4mIplZHORmJuT85u0bModqCxzlSVhkGBQ7zbhIUO6mZOWLPnDxwVzPZj5jfPekYz/cIpycMT6QzfuPG6AQ85IMoGHE5eyNmJaLYri0319fb9YJm6J3P/UGJsmhI3nUlcdepA5hJEBREkAZ0J+0be+4w91/bwt9tzG3X/Xe9fFVzE6IzhqGLypA9Strtek9hUdPhtlSHqVUXzy8rgTr3V2PkjKBop0AYNOB8WLOZk4yviakWgRZBVD0rIoULkGMSeXZWgHkWI4IVOXVyQ9hy9MMY4gIhOoaAAPezJxVM+anWuX9fpsK7ODx860nzJv889GRKhpBoFAcEAKCEjEg6hSgWBEZkL40I8QLxT8Rsd7IPzwcpCbWbt6xXMDe/8YVtOvxK3PLaSLdx6WHTc1+sybjJzCjIoAUlKBilWLpXydr0o5JjuRIFiSYeV3mTqvpy9e2am1jkDTjLkvopu9lD16UI+RjWr4/IoQUnl5eWV8TsbQSfPizlxLaqMTjTg9HJxpMjc6MrRlPX/fS//O4g5ftHX+zr1HgvIkxDhq7YE06vTBw/uO6t+t5Yb891uybs+EdTv2TjcAoSUpGsAkQuWyJa536dR8wcr1+6NS3731MiITrkQAd3v7jPBJA7o3q1/1d0v0+rPRDO6M9ZdyZ+x07joi7MT1e0++p1nO7D/wcGSfL5k3vW6VMgWHmy2R/Z8YY9OE8D7smDYYKykACQ4S8bZvM02LxqU/v/A/+6a59yJwx6WM1XrEuqpBACSLpi7f+0zrWMFh/ufGr4+7ERb7+50QHVLZk6QJKFkCQaSAYmhz5R5B4R4FuJZfAiRlAqNyBhLZgSTqgKB0Rpp2UIkmnBGpB0IyAkNzcmBj34hRnWpN/dQ59UH2gaNnO0xduDVWlCmViHRgEBAUd3N7W6KI80OdLGpYgkT4OpJi8L8gyyLQFM27uTi99Cpe/EHd6n5H6lQu/cfXmm2cu3mv8rhpS4+/zePdSAoBKVBQv6Z/3MSQ/v1ED/sc1ZNMteQkyw/u3m8YvXLjgtR0vW+OARGcyh4okYfW9f1jxwwcMLxECeesLy3SVdt/Hbdo+Z4okaOAJAAYEUHr5vW2LJw6bNC3dhk6f+uZX3hk9G+v3mT6GikZWJECN630Knru5Kaf1jNgXU5ev11rxpzVe15n8kWBkQCQAVxVdqlTg0cMDWhedd/qbQeDlq//Za5eQiqCYYAwklC7qteJaRMH9vMtVizFkocOR1zyEwJO1gqZvebI9ftJ3wMuEEMSFHVVpUSFj21Yo1LpJ5bc1xbH2DwhnHz0ZjDeLou0A2gFSd+vKdWxoW/Jv1TZfQ3YozeSu225kb3KBFonVswFmUR81/q+YT/4Oc7Pv42/n2b0jVp7bF9ymq6cIAnmpqGEZACOcgDBJAHQyJy6jAScq4+rDwXAsQ9S4kBGORKQvIEinbXmmn+KB1pmwSgTUMbN7u7Yng16VizpfD//+ffwyfNtJs/bsktnAq2JxwTDQb9O7SJCR3QNx9tU3DcRAFjsPjCnWPxvWPCj57ughXX5xoNKY2cuPfYmh3cHQgBOJKBxHf9dyyJHd8+Pwc64k12XrNq8NEtPumPfAYgI7DnZ0LxB1R3DRvYZhxuWfE7e7QdPyoyZvOTU6+wsD1zvQQENKpqRZof06x7QvM5uSx1suD5h3ca4qCOnrvQXZBFEigTSgKB1g4o7l0aMx/kfH9/UuAw6cuHqbfeSUhoaJRZEZAQW6fTDe3WJHDOk2yysJ37Djw+P2bjv1NXewHIEdpxysij+2LFFzPTgvrg46eMx4Es4fo7IExPTHeasWPvb5dt3m8gyZ67OLFpIm7Isckw9v1Kl/mv7RNo+ITxIHWwSTSAzzmAvSrpBzYgOdUqXPl7QQ/Dh95N3Xv6w/lL6Nh2httOgHCApydipnu+MjuUd5+VfDL9efDBgeeztVUZRYlQqEYwCBTyDveb4XE+BDLkg0/j5VIEgAtAUAbjdoTn+T+gMBM3RRpOWIRkeEMoFRnIFntGDnUAYhnesMiqwWfn1nzipzA/00eMX2wbPWfurSLAMQRmBkAV5YKe24eOG9/hqtaOl88fjzl26XSt4zvKj6XrZkZB5UMsENKvpFxs9r0lfgqj+L228Vm2NG7tm62+zMw2SmmJYc3TGTg3QLaBh5NRRfSZ/SXbovO1rdx86NBAxpJk0GZoGX2dIDho9fFTzBlU/myqM/Q84aoDfwsnJaa57j8WN3L779OgsHhwIlgBcoVpIZZc1LaR3n3ZNax740NgWb9mjl20KXffLqTCRluF9arIGapf/7mzkpN6dihUr9rGpSvzjFz6jp674/fHrd940y5tTmx1ZJidkTNeRXQOa/lsOQNyaLih8xZEb8Ql1RYkDIFnwdFW/XRw+tmG1it4J32IfWxprs4SAnTZ74o2rziTm9cINMwRSA24EmTesCRvgX7L4WUtBvJCUEbD6RGqsTkL2rGwAhrKDdhW1M5qWsV+MG5m6uLjkmkNJrzK/i9516Ze7Sbk1QJSAVSHZQADRtlzhbfZ22lyGYQQkAwUSLgLGXm6JlEGiHDWqTJ0g2VNqRk+aJKBFAr3JEksduX0/MI/VsFoBgSjS4F/G5XjMqEat8289f794o+WEOct35uTyjgw+/5IkdGtVf1H4uAET/67899tPn5YYNHr+zexswUkGo9kn0aRm5Z+XzQ368Us4LlqzY8b22EPB2RJhT1GY8kSw46iMvt06zhvZtwMOveLdyl/Sx09dj68/N2rJxpfvdD56RJoLrSgkg6OG1rduVGtTm6Z1dhR1dU12dDQaDQaGJ0mSKFy4cB7O9rz1+E2VnftOIfIIKgAACtlJREFUjjl/+VZHI8Kt2xGQ1Pv2rz3aN105M7jP8E91PX0loU7YnEW73uj4YjhHgQEairqyKaMGdwjp2Kr5rvzz2vDzwWEx63fOyUOMM8JaIyOUKO7xJHL84B+LuGru/klK39RFu9/oyDNXb99pAIwWsBPZ04VNiV0+v6qn5+f7W1q6Zv+T42yWEPAbYNmZ5+uuPsrpg6vUjDIHjkDmDQ5waV+7WCGLG6ScTszqsubEyy08SalI4IGQaOhQyX5uI296Nk3TZKFChYz4wYu7+KjHyt0XorJE0pNCHNAyBUWL2cVH9KnY8NO3zafG+lIb9tTU3MJztxzeeeNpTqP3nY40oKEMaeP6NenVrOp3f3Fmnb7+oHFQWNT+XJ1gx1AU5iLo2b5B9Izg/sF/18K4nPis/IigiCtGE2VnMGab24G1rl9r+9LZI3p9bZscPn/Til+OnB2KnQK8SQSGJsBJy7wd1r/rlL6BLf7SMegDFlv3nui/fM3WuRk65I4bipinL4mgpkhwtlOlFS/qmejtVfyBRq02E7FeZ9Lee5RQ89W7d8Uy8nJcBBlIjUYDEu75KElQo7zPlYg5Qa0/rW59+1a2Hx4advDuw6cNcOcnAijM1PywvoEzxgz44bMdk5KTM52Wbt669Ldj53qrtE5mwpFMJmhVp/Lu4CF9RiKUk+Xj44Pb2n+xV2J+2/cZGXHu6t0HdU1AmcO2xQtpUzYvnF7LkirKv8u2f/d9bJYQ8ERXnHy+4dyD9P4UASBSDDhI8puR7YsEVPIsZHEDkvNPdW3WHk7czDNqNxKXpQqEFFjFcWpg7WIfFw5uNrJy+/nNlxLeBSBapFjSAfdrF7q1Lz17SLt6syw5Z+Y3zNrDN8Ji4xLDTFQeQRK44EcvNahafNfcwS3/8lY+fjG+Vcisxb/lGUSV+atGNAW92zWICQvqF1RQnYGli+FWUkrpgcFzbubpSa1JyDETQqu6tWJjZg/r8bV74AcvdGHMtlNnL7WnVHYANAcmPhfcnbhXk8YOGvZDwxr781+Pj0QrNh8Ijt0TNzY7T/AwEYI5PGoO+xGEeXdCEZS5fyJuJ49E3P4ZAS4MkwkJaJICo14PHMVA5fIVboWP7trfL1/0JGxJbNTOfcfH8YgEbFNSNkHdauWOTJ86onspF5cvtsO/dvtxhckRi3c/S80sQzIaEHkRHNVE3oCenWaO6NMWV7/ivgaMJd2QsV9hYMj8E+dvJTQWZcbcis6rkPrFqoXT6voWc7XIWWmp/aw5zmYJAQO+7OjjTaeeQR98epcJEZxklD4swLNttWKuly0F6fwTY/vVh+6t11GsGy55YCRSCqxROLRrzSIfK97237wXGL3t6koTci0kEkZz0LmYBj2dMqpO46oeJZ5aKuvTcXey5JKzFx278ConqwhCEjCcGhg5N2/2sB9a1fFx+Fgbf/zi3bbBYQv2CRJJ4iiCgBD07thoRfiYAZgQ/pY23fefvPqu96iwhPRMo5rlZMApTs1qVDuwJiq4fUFzS0nJcZ2+cOnOS38kNjUixvxA04QRvD0cHweNHjykZS2/k/nvES/LbPzBC503/7wn9OnLd+VMokRwWg2YJBly9DpgOQpokgDRZDQTBcuo8TcnAOde4QQyOw6y6tf1P/zToH6T/Dz/+iGXXw5f6TI3evW6XKPkgCM+OJJT1N3+8axpo3rUq1Dm2tfmg9fUjr0ney1YsWlprlF2omgVCAIPxdy0b6aMGdSvVeNqRz7nQPzcPXHRV5+R4acu3k2qSzFqQCYeirvbv9q4cn5170La1wXhaqu/2ywhYMC2nXwYcSDRNJnB3m7SxDuzTGafpsV/rOFlf9pSQH9/ZOjx29kHc/QE7SkTEiJF4FtWcZ/XrYa72amIk1r2X3oxP+5ycm8jT2tZtYaQBZ2hZe3i28b3+n7U/6U4Zfn2C9G/XkoegpBAkKyaIUESAuv5LhjWtcbHOoUzF261mDgn+mejKHEkgJhnNLL9u7aOmTyy/wRL51jQuFuJiX5jJi/6PSM914VRyQZRItnGtavvXTJjTM+CrsW/377/uMK0yKXbUl7rfIy8yLAMiRCfI/lXLnt1SL8eIXVr/GtFH36wbiU88Tly7NZPF6/eaJf0IqUkIhmVRL3/viNONuQYnHAlmysTcQN6rYrKqFSu1M2ObRutrlO59HFXV9ecT/XDH8mZOGX+9mcpb6uJokxJkoRwf/Q+PdovHjugy2xL5oLDhYs37V1w9Pj5XkiiSImkNBpK0Ner6hs3enCvcT4+PhZ96SpZllWLpkTuPHHlbgsGN46UEVHS0+1xVMSUQB+vwo8t0cUWx9g0IVx/lFpLR9FFGWTP8STPERIQDX3td3ztYyH5QX4ly5qk+9kBoopjRRlRhuwcl1Ju9sf8vrP/+E3B05cS22UKoitBMxJJMrIs6sny3oVP/F+3fs+yspyTnxtqm2QDQ8gqGomkyk0lv67+SZNYvEXdf/JGB5mU8QebpAyd3rW0p/vN2tXKWXwsKmhh4fP9oXO32tEEjRAyEDpR0nq6FHlWz9/b4qQhvMt4lPi8hoFHapqhBFnkSZomhUq+vmd8fIqkfcUXwSQkv/ZMfPys8v1HT+o+TXld/tXLtBLp6RmeFEWJ3t7FHhVydX7uV8Hnop/fd5c9PDyefKkbVnJyWpGkly8r6niTE4giZadVZwskJ7esU/7Et+ymbj9OLfzwUVIDmiGlXF50UhOEkTTp5VrVy+39Up3E5+Z38sofAXoDaEQBMSxNII6m9U3qV8K9Ov6WnV1Bdv0nfrdpQvgnJlzQljAxMZH7b007/Sfw+sJ22ZzX/63ftvzze5Tywxcv3LPe6jxohjVVq1jy4bcmLv1d8yxoLfxdcv6b7vP/jhD+m4yj6KogYG0EFEKwNuKKPAUBG0ZAIQQbNo6imoKAtRFQCMHaiCvyFARsGAGFEGzYOIpqCgLWRkAhBGsjrshTELBhBBRCsGHjKKopCFgbAYUQrI24Ik9BwIYRUAjBho2jqKYgYG0EFEKwNuKKPAUBG0ZAIQQbNo6imoKAtRFQCMHaiCvyFARsGAGFEGzYOIpqCgLWRkAhBGsjrshTELBhBBRCsGHjKKopCFgbAYUQrI24Ik9BwIYRUAjBho2jqKYgYG0EFEKwNuKKPAUBG0ZAIQQbNo6imoKAtRFQCMHaiCvyFARsGAGFEGzYOIpqCgLWRkAhBGsjrshTELBhBBRCsGHjKKopCFgbAYUQrI24Ik9BwIYRUAjBho2jqKYgYG0EFEKwNuKKPAUBG0ZAIQQbNo6imoKAtRFQCMHaiCvyFARsGAGFEGzYOIpqCgLWRkAhBGsjrshTELBhBBRCsGHjKKopCFgbAYUQrI24Ik9BwIYRUAjBho2jqKYgYG0EFEKwNuKKPAUBG0ZAIQQbNo6imoKAtRFQCMHaiCvyFARsGAGFEGzYOIpqCgLWRkAhBGsjrshTELBhBBRCsGHjKKopCFgbAYUQrI24Ik9BwIYRUAjBho2jqKYgYG0EFEKwNuKKPAUBG0ZAIQQbNo6imoKAtRFQCMHaiCvyFARsGAGFEGzYOIpqCgLWRkAhBGsjrshTELBhBBRCsGHjKKopCFgbAYUQrI24Ik9BwIYRUAjBho2jqKYgYG0EFEKwNuKKPAUBG0ZAIQQbNo6imoKAtRFQCMHaiCvyFARsGAGFEGzYOIpqCgLWRuB/AEQBtcR0EHD0AAAAAElFTkSuQmCC"
+    }
+]
\ No newline at end of file

diff --git a/ci.go b/ci.go
new file mode 100644 (file)
index 0000000..8519c65
--- /dev/null
+++ b/ci.go
@@ -0,0 +1,155 @@
+package main
+
+import (
+       "crypto/sha256"
+       "encoding/json"
+       "flag"
+       "fmt"
+       "github.com/crowdsecurity/crowdsec/pkg/cwhub"
+       "io"
+       "io/ioutil"
+       "log"
+       "os"
+)
+
+type typeInfo struct {
+       Path            string                 `json:"path"`
+       Stage           string                 `json:"stage,omitempty"`
+       Version         string                 `json:"version"`
+       Versions        map[string]versionInfo `json:"versions"`
+       LongDescription string                 `json:"long_description,omitempty"`
+       FileContent     string                 `json:"content"`
+       Description     string                 `json:"description,omitempty"`
+       Author          string                 `json:"author,omitempty"`
+       References      []string               `json:"references,omitempty"`
+       Labels          map[string]string      `json:"labels"`
+       Parsers         []string               `json:"parsers,omitempty"`
+       PostOverflows   []string               `json:"postoverflows,omitempty"`
+       Scenarios       []string               `json:"scenarios,omitempty"`
+       Collections     []string               `json:"collections,omitempty"`
+}
+
+type fileInfo struct {
+       Description   string            `yaml:"description"`
+       Author        string            `yaml:"author"`
+       References    []string          `yaml:"references"`
+       Labels        map[string]string `json:"labels"`
+       Parsers       []string          `yaml:"parsers,omitempty"`
+       PostOverflows []string          `yaml:"postoverflows,omitempty"`
+       Scenarios     []string          `yaml:"scenarios,omitempty"`
+       Collections   []string          `yaml:"collections,omitempty"`
+}
+
+type versionInfo struct {
+       Digest     string `json:"digest"`
+       Deprecated bool   `json:"deprecated"`
+}
+
+const (
+       parsersFolder       = "parsers/"
+       scenariosFolder     = "scenarios/"
+       postoverflowsFolder = "postoverflows/"
+       collectionsFolder   = "collections/"
+)
+
+var types = []string{
+       "parsers",
+       "scenarios",
+       "postoverflows",
+       "collections",
+}
+
+func getSHA256(filepath string) (string, error) {
+       /* Digest of file */
+       f, err := os.Open(filepath)
+       if err != nil {
+               return "", fmt.Errorf("unable to open '%s' : %s", filepath, err.Error())
+       }
+
+       defer f.Close()
+
+       h := sha256.New()
+       if _, err := io.Copy(h, f); err != nil {
+               return "", fmt.Errorf("unable to calculate sha256 of '%s': %s", filepath, err.Error())
+       }
+
+       return fmt.Sprintf("%x", h.Sum(nil)), nil
+}
+
+func main() {
+       var generate bool
+       var inputFile string
+       var outFile string
+       var target string
+
+       idx := make(map[string]map[string]typeInfo)
+       tmpIdx := make(map[string]map[string]typeInfo)
+
+       flag.StringVar(&target, "target", "all", "decide what to generate : blockers|configs|all")
+       flag.StringVar(&outFile, "output", ".index.json", "File to output index")
+       flag.BoolVar(&generate, "generate", false, "File to output index")
+       flag.StringVar(&inputFile, "input", ".index.json", "File to read index from")
+       flag.Parse()
+
+       if target == "all" || target == "configs" {
+               if generate == true {
+                       for _, t := range types {
+                               configType, err := generateIndex(t)
+                               if err != nil {
+                                       panic(err)
+                               }
+                               idx[t] = configType
+                       }
+               } else {
+                       // update .index file
+                       f, _ := ioutil.ReadFile(inputFile)
+
+                       _ = json.Unmarshal([]byte(f), &tmpIdx)
+
+                       for _, t := range types {
+                               updateIndex(t, idx, tmpIdx)
+                       }
+               }
+
+               json, err := json.MarshalIndent(idx, "", " ")
+               if err != nil {
+                       panic(err)
+               }
+               if err := ioutil.WriteFile(outFile, json, 0644); err != nil {
+                       log.Fatalf("failed writting new json index : %s", err)
+               }
+
+               /*Check if the generated index is correct*/
+               indexContent, err := ioutil.ReadFile(outFile)
+               if err != nil {
+                       log.Fatalf("Unable to read index : %v", err)
+               }
+               _, err = cwhub.LoadPkgIndex(indexContent)
+               if err != nil {
+                       log.Fatalf("Unable to load existing index : %v.", err)
+               }
+       }
+       if target == "all" || target == "blockers" {
+               blockers, err := LoadJSON("blockers/list.json")
+               if err != nil {
+                       log.Fatalf("failed to load json : %s", err)
+               }
+               log.Printf("Loaded %d blockers", len(blockers))
+               for x, blocker := range blockers {
+                       log.Printf("%d/%d", x+1, len(blockers))
+
+                       updated, err := UpdateItem(blocker)
+                       if err != nil {
+                               log.Fatalf("failed to update %+v : %s", blocker, err)
+                       }
+                       blockers[x] = updated
+               }
+               log.Printf("Dumping updated items")
+
+               if err := DumpJSON("blockers.json", blockers); err != nil {
+                       log.Fatalf("failed to dump new json file : %s", err)
+               }
+       }
+       return
+
+}

diff --git a/collections/crowdsecurity/.tests/apache2/acquis.yaml b/collections/crowdsecurity/.tests/apache2/acquis.yaml
new file mode 100644 (file)
index 0000000..6988314
--- /dev/null
+++ b/collections/crowdsecurity/.tests/apache2/acquis.yaml
@@ -0,0 +1,5 @@
+mode: cat
+filenames:
+ - ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+labels:
+  type: apache2

diff --git a/collections/crowdsecurity/.tests/apache2/apache2.log b/collections/crowdsecurity/.tests/apache2/apache2.log
new file mode 100644 (file)
index 0000000..cb6fa66
--- /dev/null
+++ b/collections/crowdsecurity/.tests/apache2/apache2.log
@@ -0,0 +1,4 @@
+93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-"
+164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
+195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
\ No newline at end of file

diff --git a/collections/crowdsecurity/.tests/iptables/acquis.yaml b/collections/crowdsecurity/.tests/iptables/acquis.yaml
new file mode 100644 (file)
index 0000000..495444c
--- /dev/null
+++ b/collections/crowdsecurity/.tests/iptables/acquis.yaml
@@ -0,0 +1,5 @@
+mode: cat
+filenames:
+ - ./collections/crowdsecurity/.tests/iptables/iptables.log
+labels:
+  type: syslog

diff --git a/collections/crowdsecurity/.tests/iptables/bucket_result.yaml b/collections/crowdsecurity/.tests/iptables/bucket_result.yaml
new file mode 100644 (file)
index 0000000..6348a25
--- /dev/null
+++ b/collections/crowdsecurity/.tests/iptables/bucket_result.yaml
@@ -0,0 +1,329 @@
+- Type: 1
+  Alert:
+    MapKey: 10a3ef02f2011534975441766719a68c88af1738
+    Sources:
+      42.42.42.93:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 42.42.42.93
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 42.42.42.93
+    Alert:
+      capacity: 15
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      eventscount: 16
+      id: 0
+      labels: []
+      leakspeed: 5s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/iptables-scan-multi_ports
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 42.42.42.93
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 42.42.42.93
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 15
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      eventscount: 16
+      id: 0
+      labels: []
+      leakspeed: 5s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/iptables-scan-multi_ports
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 42.42.42.93
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 42.42.42.93
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/collections/crowdsecurity/.tests/iptables/config.yaml b/collections/crowdsecurity/.tests/iptables/config.yaml
new file mode 100644 (file)
index 0000000..c31610a
--- /dev/null
+++ b/collections/crowdsecurity/.tests/iptables/config.yaml
@@ -0,0 +1,14 @@
+#configuration
+acquisition_file: acquis.yaml
+parser_results: parser_results.yaml
+bucket_results: bucket_result.yaml             
+postoverflow_input: po_input.yaml
+marshaled_time_year: 2020
+index: "./config/hub/.index.json"
+configurations:      
+  parsers:
+  - crowdsecurity/iptables-logs
+  - crowdsecurity/syslog-logs
+  - crowdsecurity/dateparse-enrich
+  scenarios:
+  - crowdsecurity/iptables-scan-multi_ports

diff --git a/collections/crowdsecurity/.tests/iptables/iptables.log b/collections/crowdsecurity/.tests/iptables/iptables.log
new file mode 100644 (file)
index 0000000..8d9933c
--- /dev/null
+++ b/collections/crowdsecurity/.tests/iptables/iptables.log
@@ -0,0 +1,563 @@
+Dec 17 14:31:31 sd-126005 kernel: [66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 
+Dec 17 14:31:31 sd-126005 kernel: [66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:32 sd-126005 kernel: [66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:32 sd-126005 kernel: [66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:32 sd-126005 kernel: [66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:32 sd-126005 kernel: [66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:32 sd-126005 kernel: [66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:32 sd-126005 kernel: [66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:32 sd-126005 kernel: [66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:32 sd-126005 kernel: [66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:32 sd-126005 kernel: [66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:32 sd-126005 kernel: [66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:32 sd-126005 kernel: [66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:32 sd-126005 kernel: [66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:32 sd-126005 kernel: [66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:32 sd-126005 kernel: [66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:32 sd-126005 kernel: [66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:32 sd-126005 kernel: [66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:32 sd-126005 kernel: [66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:32 sd-126005 kernel: [66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:33 sd-126005 kernel: [66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:34 sd-126005 kernel: [66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:34 sd-126005 kernel: [66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:34 sd-126005 kernel: [66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:34 sd-126005 kernel: [66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:34 sd-126005 kernel: [66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:34 sd-126005 kernel: [66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:34 sd-126005 kernel: [66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:34 sd-126005 kernel: [66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:34 sd-126005 kernel: [66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:34 sd-126005 kernel: [66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:34 sd-126005 kernel: [66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:34 sd-126005 kernel: [66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:34 sd-126005 kernel: [66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:34 sd-126005 kernel: [66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 

diff --git a/collections/crowdsecurity/.tests/iptables/parser_results.yaml b/collections/crowdsecurity/.tests/iptables/parser_results.yaml
new file mode 100644 (file)
index 0000000..deaee24
--- /dev/null
+++ b/collections/crowdsecurity/.tests/iptables/parser_results.yaml
@@ -0,0 +1,70377 @@
+provisionalresults:
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:31
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:31
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "80"
+        facility: ""
+        int_eth: enp1s0
+        length: "40"
+        logsource: syslog
+        message: '[66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "52809"
+        timestamp: Dec 17 14:31:31
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:31
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "80"
+        facility: ""
+        int_eth: enp1s0
+        length: "40"
+        logsource: syslog
+        message: '[66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "52809"
+        timestamp: Dec 17 14:31:31
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:31Z"
+      StrTime: Dec 17 14:31:31
+      MarshaledTime: "2020-12-17T14:31:31Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:31
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:31
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "443"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "52809"
+        timestamp: Dec 17 14:31:31
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:31
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "443"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "52809"
+        timestamp: Dec 17 14:31:31
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:31Z"
+      StrTime: Dec 17 14:31:31
+      MarshaledTime: "2020-12-17T14:31:31Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "53"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "53"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:32Z"
+      StrTime: Dec 17 14:31:32
+      MarshaledTime: "2020-12-17T14:31:32Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "53"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "53"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:32Z"
+      StrTime: Dec 17 14:31:32
+      MarshaledTime: "2020-12-17T14:31:32Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "113"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "113"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:32Z"
+      StrTime: Dec 17 14:31:32
+      MarshaledTime: "2020-12-17T14:31:32Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "113"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "113"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:32Z"
+      StrTime: Dec 17 14:31:32
+      MarshaledTime: "2020-12-17T14:31:32Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "995"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "995"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:32Z"
+      StrTime: Dec 17 14:31:32
+      MarshaledTime: "2020-12-17T14:31:32Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "995"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "995"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:32Z"
+      StrTime: Dec 17 14:31:32
+      MarshaledTime: "2020-12-17T14:31:32Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "199"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "199"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:32Z"
+      StrTime: Dec 17 14:31:32
+      MarshaledTime: "2020-12-17T14:31:32Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "199"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "199"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:32Z"
+      StrTime: Dec 17 14:31:32
+      MarshaledTime: "2020-12-17T14:31:32Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3306"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3306"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:32Z"
+      StrTime: Dec 17 14:31:32
+      MarshaledTime: "2020-12-17T14:31:32Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3306"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3306"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:32Z"
+      StrTime: Dec 17 14:31:32
+      MarshaledTime: "2020-12-17T14:31:32Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "21"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "21"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:32Z"
+      StrTime: Dec 17 14:31:32
+      MarshaledTime: "2020-12-17T14:31:32Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "21"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "21"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:32Z"
+      StrTime: Dec 17 14:31:32
+      MarshaledTime: "2020-12-17T14:31:32Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3389"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3389"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:32Z"
+      StrTime: Dec 17 14:31:32
+      MarshaledTime: "2020-12-17T14:31:32Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3389"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3389"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:32Z"
+      StrTime: Dec 17 14:31:32
+      MarshaledTime: "2020-12-17T14:31:32Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "143"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "143"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:32Z"
+      StrTime: Dec 17 14:31:32
+      MarshaledTime: "2020-12-17T14:31:32Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "143"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "143"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:32Z"
+      StrTime: Dec 17 14:31:32
+      MarshaledTime: "2020-12-17T14:31:32Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:32Z"
+      StrTime: Dec 17 14:31:32
+      MarshaledTime: "2020-12-17T14:31:32Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:32
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:32
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:32Z"
+      StrTime: Dec 17 14:31:32
+      MarshaledTime: "2020-12-17T14:31:32Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3389"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3389"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3389"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3389"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "53"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "53"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "53"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "53"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "143"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "143"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "143"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "143"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "21"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "21"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "21"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "21"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "199"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "199"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "199"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "199"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3306"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3306"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3306"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3306"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "995"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "995"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "995"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "995"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "113"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "113"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "113"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "113"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "80"
+        facility: ""
+        int_eth: enp1s0
+        length: "40"
+        logsource: syslog
+        message: '[66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53076"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "80"
+        facility: ""
+        int_eth: enp1s0
+        length: "40"
+        logsource: syslog
+        message: '[66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53076"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "80"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "80"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1720"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1720"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "587"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "587"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "587"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "587"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1720"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1720"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "111"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "111"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "111"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "111"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "443"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "443"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "110"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "110"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "110"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "110"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1723"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1723"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1723"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1723"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "110"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "110"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "110"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "110"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "111"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "111"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "111"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "111"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1723"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1723"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1723"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1723"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1720"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1720"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1720"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1720"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "587"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "587"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "587"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "587"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5900"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5900"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5900"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5900"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "445"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "445"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "445"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "445"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "139"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "139"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "139"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "139"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "993"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "993"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "993"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "993"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "554"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "554"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "554"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "554"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "22"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "22"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8888"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8888"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8888"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8888"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "445"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "445"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "445"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "445"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5900"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5900"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5900"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5900"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "256"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "256"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "256"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "256"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1087"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1087"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1087"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1087"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "139"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "139"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "139"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "139"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8888"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8888"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "22"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "22"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8888"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8888"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "993"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "993"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "993"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "993"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "554"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "554"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "554"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "554"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1087"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1087"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1087"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1087"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1533"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1533"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1533"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1533"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5051"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5051"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5051"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5051"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "256"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "256"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "256"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "256"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1055"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1055"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1055"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1055"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2557"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2557"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2557"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2557"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "512"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "512"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "512"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "512"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1174"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1174"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1174"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1174"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8192"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8192"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8192"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8192"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "407"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "407"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "407"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "407"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24800"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24800"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24800"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24800"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2557"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2557"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2557"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2557"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1055"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1055"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1055"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1055"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1533"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1533"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1533"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1533"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5051"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5051"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5051"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5051"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "10629"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "10629"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "10629"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "10629"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "512"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "512"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "512"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "512"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2393"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2393"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2393"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2393"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8192"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8192"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8192"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8192"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24800"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24800"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24800"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24800"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1174"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1174"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1174"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1174"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "407"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "407"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "407"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "407"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2393"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2393"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2393"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2393"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "10629"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "10629"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "10629"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "10629"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3030"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3030"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3030"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3030"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2106"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2106"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2106"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2106"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "264"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "264"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "264"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:33
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "264"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:33
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:33Z"
+      StrTime: Dec 17 14:31:33
+      MarshaledTime: "2020-12-17T14:31:33Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "264"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "264"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:34Z"
+      StrTime: Dec 17 14:31:34
+      MarshaledTime: "2020-12-17T14:31:34Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "264"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "264"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:34Z"
+      StrTime: Dec 17 14:31:34
+      MarshaledTime: "2020-12-17T14:31:34Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2106"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2106"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:34Z"
+      StrTime: Dec 17 14:31:34
+      MarshaledTime: "2020-12-17T14:31:34Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2106"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2106"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:34Z"
+      StrTime: Dec 17 14:31:34
+      MarshaledTime: "2020-12-17T14:31:34Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3030"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3030"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:34Z"
+      StrTime: Dec 17 14:31:34
+      MarshaledTime: "2020-12-17T14:31:34Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3030"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3030"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:34Z"
+      StrTime: Dec 17 14:31:34
+      MarshaledTime: "2020-12-17T14:31:34Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:34Z"
+      StrTime: Dec 17 14:31:34
+      MarshaledTime: "2020-12-17T14:31:34Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:34Z"
+      StrTime: Dec 17 14:31:34
+      MarshaledTime: "2020-12-17T14:31:34Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "10629"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "10629"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:34Z"
+      StrTime: Dec 17 14:31:34
+      MarshaledTime: "2020-12-17T14:31:34Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "10629"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "10629"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:34Z"
+      StrTime: Dec 17 14:31:34
+      MarshaledTime: "2020-12-17T14:31:34Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2393"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2393"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:34Z"
+      StrTime: Dec 17 14:31:34
+      MarshaledTime: "2020-12-17T14:31:34Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2393"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2393"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:34Z"
+      StrTime: Dec 17 14:31:34
+      MarshaledTime: "2020-12-17T14:31:34Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1174"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1174"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:34Z"
+      StrTime: Dec 17 14:31:34
+      MarshaledTime: "2020-12-17T14:31:34Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1174"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:34
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1174"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:34
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:34Z"
+      StrTime: Dec 17 14:31:34
+      MarshaledTime: "2020-12-17T14:31:34Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "80"
+        facility: ""
+        int_eth: enp1s0
+        length: "40"
+        logsource: syslog
+        message: '[66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53077"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "80"
+        facility: ""
+        int_eth: enp1s0
+        length: "40"
+        logsource: syslog
+        message: '[66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53077"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2106"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2106"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2106"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2106"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "264"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "264"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24800"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24800"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "264"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "264"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24800"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24800"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3030"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3030"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3030"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3030"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "407"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "407"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "407"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "407"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8192"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8192"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8192"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8192"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "512"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "512"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "512"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "512"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5051"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5051"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5051"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5051"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2557"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2557"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2557"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2557"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1055"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1055"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1055"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1055"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1533"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1533"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1533"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1533"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "256"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "256"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "256"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "256"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1087"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1087"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1087"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1087"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "993"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "993"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "993"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "993"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "554"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "554"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "554"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "554"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "139"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "139"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "139"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "139"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8888"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8888"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8888"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8888"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1025"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5900"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5900"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5900"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5900"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "445"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "445"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "445"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "445"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "587"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "587"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "587"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "587"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1720"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1720"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1720"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1720"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "111"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "111"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "111"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "111"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "110"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "110"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "110"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "110"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1723"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1723"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1723"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1723"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "53"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "53"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "53"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "53"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "113"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "113"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "113"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "113"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3306"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3306"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3306"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3306"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "995"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "995"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "995"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "995"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "199"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "199"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "199"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "199"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "21"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "21"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "21"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "21"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "143"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "143"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "143"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "143"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3389"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3389"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3389"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3389"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5440"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5440"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1062"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1062"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1062"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1062"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5440"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5440"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1069"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1069"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1069"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1069"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "44176"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "44176"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "44176"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "44176"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6646"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6646"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6646"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6646"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "55600"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "55600"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "55600"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "55600"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3689"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3689"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3689"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3689"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23502"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23502"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23502"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23502"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "12000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "12000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "12000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "12000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5915"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5915"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5915"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5915"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6969"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6969"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6969"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6969"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4129"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4129"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4129"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4129"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1069"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1069"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1069"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1069"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1062"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1062"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1062"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1062"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5440"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5440"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5440"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5440"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3689"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3689"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3689"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3689"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "55600"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "55600"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "55600"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "55600"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6646"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6646"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6646"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6646"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "44176"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "44176"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "44176"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "44176"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23502"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23502"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23502"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23502"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5915"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5915"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5915"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5915"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4129"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4129"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4129"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4129"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "12000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "12000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "12000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "12000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6969"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6969"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6969"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6969"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16080"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1062"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1062"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1062"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1062"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1069"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1069"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1069"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1069"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5440"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5440"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5440"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5440"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3689"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3689"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "55600"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "55600"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "55600"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "55600"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3689"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3689"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "44176"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "44176"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "44176"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "44176"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23502"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23502"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23502"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "23502"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6646"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6646"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6646"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6646"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "12000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "12000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "12000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "12000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4129"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4129"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4129"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4129"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6969"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6969"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6969"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "6969"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5915"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5915"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5915"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5915"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "668"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "668"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "668"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "668"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9968"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9968"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3333"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3333"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3333"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3333"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9968"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9968"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1154"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1154"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1154"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1154"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1075"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1075"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1075"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1075"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9418"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9418"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9418"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9418"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1034"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1034"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1034"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1034"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3971"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3971"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3971"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3971"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5060"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5060"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5060"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5060"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4006"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4006"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4006"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4006"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "668"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "668"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "668"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "668"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "30"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "30"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "30"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "30"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1259"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1259"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1259"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1259"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "18040"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "18040"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "18040"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "18040"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2119"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2119"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2119"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2119"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1154"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1154"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3333"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3333"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3333"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3333"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1154"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1154"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9968"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9968"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9968"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9968"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9418"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9418"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9418"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9418"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1075"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1075"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1075"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1075"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4006"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4006"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4006"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4006"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5060"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5060"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5060"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5060"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3971"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3971"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3971"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3971"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1034"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1034"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1034"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1034"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2119"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2119"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2119"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2119"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "30"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "30"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "30"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "30"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "18040"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "18040"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "18040"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "18040"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1259"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1259"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1259"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1259"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "668"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "668"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "668"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "668"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9968"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9968"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9968"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9968"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1154"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1154"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1154"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1154"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3333"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3333"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3333"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3333"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9418"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9418"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9418"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9418"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1075"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1075"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1075"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1075"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1034"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1034"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1034"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1034"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4006"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4006"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4006"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4006"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3971"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3971"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3971"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3971"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5060"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5060"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5060"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5060"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "18040"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "18040"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "18040"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "18040"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "30"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "30"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "30"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "30"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2119"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2119"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2119"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2119"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1259"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1259"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1259"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1259"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "82"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "82"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "82"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "82"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1022"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1022"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1022"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1022"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "903"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "903"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "903"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "903"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1277"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1277"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1277"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1277"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3260"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3260"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3260"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3260"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4125"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4125"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4125"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4125"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9103"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9103"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9103"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9103"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7741"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7741"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7741"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:35
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7741"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:35
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:35Z"
+      StrTime: Dec 17 14:31:35
+      MarshaledTime: "2020-12-17T14:31:35Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "82"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "82"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "82"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "82"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24444"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24444"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24444"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24444"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2161"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2161"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2161"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2161"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3784"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3784"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3784"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3784"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "31038"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "31038"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "31038"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "31038"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1022"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1022"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1022"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1022"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1277"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1277"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1277"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1277"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "903"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "903"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "903"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "903"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9103"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9103"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9103"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9103"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4125"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4125"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4125"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4125"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7741"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7741"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7741"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7741"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3260"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3260"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3260"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3260"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3784"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3784"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3784"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3784"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2161"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2161"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2161"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2161"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "31038"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "31038"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "31038"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "31038"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24444"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24444"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24444"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24444"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "82"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "82"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "903"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "903"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "82"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "82"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "903"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "903"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1277"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1277"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1277"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1277"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1022"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1022"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1022"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1022"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2009"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2135"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3260"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3260"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3260"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3260"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7741"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7741"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7741"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "7741"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4125"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4125"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4125"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4125"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9103"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9103"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9103"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "9103"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24444"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24444"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24444"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "24444"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "31038"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "31038"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2161"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2161"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "31038"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "31038"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2161"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "2161"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3784"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3784"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3784"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3784"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "90"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "90"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "90"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "90"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5102"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5102"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5102"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5102"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "705"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "705"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "705"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "705"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3128"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3128"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3128"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3128"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4998"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4998"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4998"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4998"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4567"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4567"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3551"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3551"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3551"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3551"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4567"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4567"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5414"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5414"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5414"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5414"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "90"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "90"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "90"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "90"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1166"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1166"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1166"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1166"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5802"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5802"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5802"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5802"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "777"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "777"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "777"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "777"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1721"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1721"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1721"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1721"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53065"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "705"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "705"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "705"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "705"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5102"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5102"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5102"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5102"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "80"
+        facility: ""
+        int_eth: enp1s0
+        length: "40"
+        logsource: syslog
+        message: '[66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53078"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "80"
+        facility: ""
+        int_eth: enp1s0
+        length: "40"
+        logsource: syslog
+        message: '[66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53078"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5414"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5414"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5414"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5414"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4998"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4998"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4998"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4998"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4567"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4567"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4567"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4567"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3551"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3551"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3551"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "3551"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "16000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "777"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "777"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1721"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1721"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "777"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "777"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1721"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1721"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1166"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1166"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1166"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "1166"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5802"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5802"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5802"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5802"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53066"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "90"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "90"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "90"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "90"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5102"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5102"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5102"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "5102"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "705"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "705"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "705"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "705"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+- s00-raw:
+    crowdsecurity/syslog-logs:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: '[66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      StrTime: Dec 17 14:31:36
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "4000"
+        facility: ""
+        int_eth: enp1s0
+        length: "44"
+        logsource: syslog
+        message: '[66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+        pid: ""
+        priority: ""
+        program: kernel
+        proto: TCP
+        src_ip: 42.42.42.93
+        src_port: "53067"
+        timestamp: Dec 17 14:31:36
+        timestamp8601: ""
+      Enriched:
+        MarshaledTime: "2020-12-17T14:31:36Z"
+      StrTime: Dec 17 14:31:36
+      MarshaledTime: "2020-12-17T14:31:36Z"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 42.42.42.93
+finalresults:
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "80"
+    facility: ""
+    int_eth: enp1s0
+    length: "40"
+    logsource: syslog
+    message: '[66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "52809"
+    timestamp: Dec 17 14:31:31
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:31Z"
+  StrTime: Dec 17 14:31:31
+  MarshaledTime: "2020-12-17T14:31:31Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "443"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "52809"
+    timestamp: Dec 17 14:31:31
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:31Z"
+  StrTime: Dec 17 14:31:31
+  MarshaledTime: "2020-12-17T14:31:31Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "53"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:32
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:32Z"
+  StrTime: Dec 17 14:31:32
+  MarshaledTime: "2020-12-17T14:31:32Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "53"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:32
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:32Z"
+  StrTime: Dec 17 14:31:32
+  MarshaledTime: "2020-12-17T14:31:32Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "113"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:32
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:32Z"
+  StrTime: Dec 17 14:31:32
+  MarshaledTime: "2020-12-17T14:31:32Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "113"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:32
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:32Z"
+  StrTime: Dec 17 14:31:32
+  MarshaledTime: "2020-12-17T14:31:32Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "995"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:32
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:32Z"
+  StrTime: Dec 17 14:31:32
+  MarshaledTime: "2020-12-17T14:31:32Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "995"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:32
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:32Z"
+  StrTime: Dec 17 14:31:32
+  MarshaledTime: "2020-12-17T14:31:32Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "199"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:32
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:32Z"
+  StrTime: Dec 17 14:31:32
+  MarshaledTime: "2020-12-17T14:31:32Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "199"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:32
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:32Z"
+  StrTime: Dec 17 14:31:32
+  MarshaledTime: "2020-12-17T14:31:32Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3306"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:32
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:32Z"
+  StrTime: Dec 17 14:31:32
+  MarshaledTime: "2020-12-17T14:31:32Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3306"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:32
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:32Z"
+  StrTime: Dec 17 14:31:32
+  MarshaledTime: "2020-12-17T14:31:32Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "21"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:32
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:32Z"
+  StrTime: Dec 17 14:31:32
+  MarshaledTime: "2020-12-17T14:31:32Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "21"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:32
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:32Z"
+  StrTime: Dec 17 14:31:32
+  MarshaledTime: "2020-12-17T14:31:32Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3389"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:32
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:32Z"
+  StrTime: Dec 17 14:31:32
+  MarshaledTime: "2020-12-17T14:31:32Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3389"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:32
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:32Z"
+  StrTime: Dec 17 14:31:32
+  MarshaledTime: "2020-12-17T14:31:32Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "143"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:32
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:32Z"
+  StrTime: Dec 17 14:31:32
+  MarshaledTime: "2020-12-17T14:31:32Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "143"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:32
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:32Z"
+  StrTime: Dec 17 14:31:32
+  MarshaledTime: "2020-12-17T14:31:32Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "23"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:32
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:32Z"
+  StrTime: Dec 17 14:31:32
+  MarshaledTime: "2020-12-17T14:31:32Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "23"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:32
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:32Z"
+  StrTime: Dec 17 14:31:32
+  MarshaledTime: "2020-12-17T14:31:32Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "23"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "23"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3389"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3389"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "53"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "53"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "143"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "143"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "21"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "21"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "199"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "199"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3306"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3306"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "995"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "995"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "113"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "113"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "80"
+    facility: ""
+    int_eth: enp1s0
+    length: "40"
+    logsource: syslog
+    message: '[66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53076"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "8080"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "8080"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "80"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1720"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "587"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "587"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1720"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "135"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "135"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "111"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "111"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "443"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "110"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "110"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1723"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1723"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "110"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "110"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "8080"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "8080"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "135"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "135"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "111"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "111"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1723"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1723"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1025"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1025"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1720"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1720"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "587"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "587"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5900"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5900"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "445"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "445"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "139"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "139"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "993"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "993"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "554"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "554"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "22"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "8888"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "8888"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "445"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "445"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5900"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5900"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "256"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "256"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1025"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1025"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1087"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1087"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "139"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "139"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "8888"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "22"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "8888"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "993"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "993"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "554"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "554"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1087"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1087"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1533"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1533"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5051"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5051"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "256"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "256"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1055"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1055"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2557"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2557"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "512"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "512"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1174"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1174"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "8192"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "8192"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "407"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "407"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "24800"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "24800"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2557"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2557"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1055"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1055"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1533"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1533"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5051"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5051"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "10629"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "10629"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "512"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "512"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2393"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2393"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "8192"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "8192"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "24800"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "24800"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1174"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1174"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "407"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "407"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2393"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2393"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "10629"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "10629"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "7025"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "7025"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3030"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3030"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2106"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2106"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "264"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "264"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:33
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:33Z"
+  StrTime: Dec 17 14:31:33
+  MarshaledTime: "2020-12-17T14:31:33Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "264"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:34
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:34Z"
+  StrTime: Dec 17 14:31:34
+  MarshaledTime: "2020-12-17T14:31:34Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "264"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:34
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:34Z"
+  StrTime: Dec 17 14:31:34
+  MarshaledTime: "2020-12-17T14:31:34Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2106"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:34
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:34Z"
+  StrTime: Dec 17 14:31:34
+  MarshaledTime: "2020-12-17T14:31:34Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2106"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:34
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:34Z"
+  StrTime: Dec 17 14:31:34
+  MarshaledTime: "2020-12-17T14:31:34Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3030"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:34
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:34Z"
+  StrTime: Dec 17 14:31:34
+  MarshaledTime: "2020-12-17T14:31:34Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3030"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:34
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:34Z"
+  StrTime: Dec 17 14:31:34
+  MarshaledTime: "2020-12-17T14:31:34Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "7025"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:34
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:34Z"
+  StrTime: Dec 17 14:31:34
+  MarshaledTime: "2020-12-17T14:31:34Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "7025"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:34
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:34Z"
+  StrTime: Dec 17 14:31:34
+  MarshaledTime: "2020-12-17T14:31:34Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "10629"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:34
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:34Z"
+  StrTime: Dec 17 14:31:34
+  MarshaledTime: "2020-12-17T14:31:34Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "10629"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:34
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:34Z"
+  StrTime: Dec 17 14:31:34
+  MarshaledTime: "2020-12-17T14:31:34Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2393"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:34
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:34Z"
+  StrTime: Dec 17 14:31:34
+  MarshaledTime: "2020-12-17T14:31:34Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2393"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:34
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:34Z"
+  StrTime: Dec 17 14:31:34
+  MarshaledTime: "2020-12-17T14:31:34Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1174"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:34
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:34Z"
+  StrTime: Dec 17 14:31:34
+  MarshaledTime: "2020-12-17T14:31:34Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1174"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:34
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:34Z"
+  StrTime: Dec 17 14:31:34
+  MarshaledTime: "2020-12-17T14:31:34Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "80"
+    facility: ""
+    int_eth: enp1s0
+    length: "40"
+    logsource: syslog
+    message: '[66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53077"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2106"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2106"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "7025"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "7025"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "264"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "24800"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "264"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "24800"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3030"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3030"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "407"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "407"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "8192"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "8192"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "512"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "512"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5051"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5051"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2557"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2557"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1055"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1055"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1533"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1533"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "256"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "256"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1087"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1087"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "993"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "993"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "554"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "554"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "139"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "139"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "8888"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "8888"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1025"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1025"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5900"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5900"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "445"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "445"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "587"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "587"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "8080"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "8080"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1720"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1720"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "111"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "111"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "135"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "135"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "110"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "110"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1723"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1723"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "53"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "53"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "113"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "113"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3306"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3306"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "995"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "995"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "199"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "199"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "21"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "21"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "143"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "143"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3389"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3389"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "16080"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "16080"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "23"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "23"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5440"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1062"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1062"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5440"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1069"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1069"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "44176"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "44176"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "6009"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "6009"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "6646"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "6646"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "55600"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "55600"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3689"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3689"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "23502"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "23502"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "12000"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "12000"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "16080"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "16080"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5915"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5915"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "6969"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "6969"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4129"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4129"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1069"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1069"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1062"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1062"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5440"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5440"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3689"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3689"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "6009"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "55600"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "6009"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "55600"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "6646"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "6646"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "44176"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "44176"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "23502"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "23502"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5915"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5915"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4129"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4129"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "12000"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "12000"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "6969"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "6969"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "16080"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "16080"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1062"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1062"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1069"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1069"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5440"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5440"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3689"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "55600"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "55600"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3689"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "44176"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "44176"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "23502"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "23502"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "6009"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "6009"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "6646"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "6646"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "12000"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "12000"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4129"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4129"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "6969"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "6969"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5915"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5915"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "668"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "668"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "9968"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3333"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3333"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "9968"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1154"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1154"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1075"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1075"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "9418"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "9418"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1034"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1034"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3971"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3971"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5060"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5060"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4006"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4006"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "668"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "668"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "30"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "30"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1259"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1259"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "18040"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "18040"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2119"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2119"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1154"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3333"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3333"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1154"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "9968"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "9968"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "9418"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "9418"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1075"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1075"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4006"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4006"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5060"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5060"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3971"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3971"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1034"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1034"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2119"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2119"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "30"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "30"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "18040"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "18040"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1259"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1259"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "668"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "668"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "9968"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "9968"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1154"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1154"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3333"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3333"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "9418"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "9418"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1075"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1075"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1034"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1034"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4006"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4006"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3971"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3971"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5060"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5060"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "18040"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "18040"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "30"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "30"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2119"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2119"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1259"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1259"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "82"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "82"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1022"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1022"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "903"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "903"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1277"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1277"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2009"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2009"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2135"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2135"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3260"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3260"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4125"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4125"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "9103"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "9103"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "7741"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "7741"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:35
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:35Z"
+  StrTime: Dec 17 14:31:35
+  MarshaledTime: "2020-12-17T14:31:35Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "82"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "82"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "24444"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "24444"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2161"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2161"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3784"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3784"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "31038"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "31038"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1022"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1022"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1277"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1277"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "903"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "903"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2135"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2135"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2009"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2009"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "9103"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "9103"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4125"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4125"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "7741"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "7741"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3260"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3260"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3784"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3784"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2161"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2161"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "31038"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "31038"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "24444"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "24444"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "82"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "903"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "82"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "903"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1277"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1277"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1022"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1022"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2009"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2009"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2135"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2135"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3260"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3260"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "7741"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "7741"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4125"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4125"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "9103"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "9103"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "24444"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "24444"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "31038"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2161"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "31038"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "2161"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3784"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3784"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "90"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "90"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5102"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5102"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "705"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "705"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4000"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4000"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3128"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3128"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4998"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4998"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4567"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3551"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3551"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4567"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "16000"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "16000"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5414"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5414"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "90"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "90"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1166"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1166"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5802"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5802"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "777"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "777"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1721"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1721"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53065"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4000"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4000"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "705"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "705"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5102"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5102"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "80"
+    facility: ""
+    int_eth: enp1s0
+    length: "40"
+    logsource: syslog
+    message: '[66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53078"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5414"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5414"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4998"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4998"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4567"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4567"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3551"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "3551"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "16000"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "16000"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "777"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1721"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "777"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1721"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1166"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "1166"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5802"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5802"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53066"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "90"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "90"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5102"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "5102"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "705"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "705"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4000"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    Src: ./collections/crowdsecurity/.tests/iptables/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "4000"
+    facility: ""
+    int_eth: enp1s0
+    length: "44"
+    logsource: syslog
+    message: '[66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 '
+    pid: ""
+    priority: ""
+    program: kernel
+    proto: TCP
+    src_ip: 42.42.42.93
+    src_port: "53067"
+    timestamp: Dec 17 14:31:36
+    timestamp8601: ""
+  Enriched:
+    MarshaledTime: "2020-12-17T14:31:36Z"
+  StrTime: Dec 17 14:31:36
+  MarshaledTime: "2020-12-17T14:31:36Z"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 42.42.42.93

diff --git a/collections/crowdsecurity/.tests/iptables/po_input.yaml b/collections/crowdsecurity/.tests/iptables/po_input.yaml
new file mode 100644 (file)
index 0000000..6348a25
--- /dev/null
+++ b/collections/crowdsecurity/.tests/iptables/po_input.yaml
@@ -0,0 +1,329 @@
+- Type: 1
+  Alert:
+    MapKey: 10a3ef02f2011534975441766719a68c88af1738
+    Sources:
+      42.42.42.93:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 42.42.42.93
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 42.42.42.93
+    Alert:
+      capacity: 15
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      eventscount: 16
+      id: 0
+      labels: []
+      leakspeed: 5s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/iptables-scan-multi_ports
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 42.42.42.93
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 42.42.42.93
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 15
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      - meta:
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 42.42.42.93
+        timestamp: "2020-12-17T14:31:33Z"
+      eventscount: 16
+      id: 0
+      labels: []
+      leakspeed: 5s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/iptables-scan-multi_ports
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 42.42.42.93
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 42.42.42.93
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/collections/crowdsecurity/.tests/mysql/acquis.yaml b/collections/crowdsecurity/.tests/mysql/acquis.yaml
new file mode 100644 (file)
index 0000000..392ac69
--- /dev/null
+++ b/collections/crowdsecurity/.tests/mysql/acquis.yaml
@@ -0,0 +1,5 @@
+mode: cat
+filenames:
+ - ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log
+labels:
+  type: mysql

diff --git a/collections/crowdsecurity/.tests/mysql/mysql.log b/collections/crowdsecurity/.tests/mysql/mysql.log
new file mode 100644 (file)
index 0000000..1a7caea
--- /dev/null
+++ b/collections/crowdsecurity/.tests/mysql/mysql.log
@@ -0,0 +1,2 @@
+Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user 'root'@'27.155.87.54' (using password: YES)
+Apr 16 05:13:41 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:41.144260Z 345 [Note] Access denied for user 'root'@'27.155.87.54' (using password: NO)
\ No newline at end of file

diff --git a/collections/crowdsecurity/.tests/nginx/acquis.yaml b/collections/crowdsecurity/.tests/nginx/acquis.yaml
new file mode 100644 (file)
index 0000000..672790f
--- /dev/null
+++ b/collections/crowdsecurity/.tests/nginx/acquis.yaml
@@ -0,0 +1,5 @@
+mode: cat
+filenames:
+ - ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+labels:
+  type: nginx

diff --git a/collections/crowdsecurity/.tests/nginx/nginx.log b/collections/crowdsecurity/.tests/nginx/nginx.log
new file mode 100644 (file)
index 0000000..97bb2d8
--- /dev/null
+++ b/collections/crowdsecurity/.tests/nginx/nginx.log
@@ -0,0 +1,4 @@
+5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
+2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-"
+52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
\ No newline at end of file

diff --git a/collections/crowdsecurity/.tests/postfix/acquis.yaml b/collections/crowdsecurity/.tests/postfix/acquis.yaml
new file mode 100644 (file)
index 0000000..7651330
--- /dev/null
+++ b/collections/crowdsecurity/.tests/postfix/acquis.yaml
@@ -0,0 +1,5 @@
+mode: cat
+filenames:
+ - ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
+labels:
+  type: syslog

diff --git a/collections/crowdsecurity/.tests/postfix/postfix.log b/collections/crowdsecurity/.tests/postfix/postfix.log
new file mode 100644 (file)
index 0000000..35b939f
--- /dev/null
+++ b/collections/crowdsecurity/.tests/postfix/postfix.log
@@ -0,0 +1,6 @@
+Dec  7 23:23:36 mail postfix/smtpd[21281]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure
+Dec  7 23:23:37 mail postfix/smtpd[21281]: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
+Dec  7 23:23:38 mail postfix/smtpd[21367]: connect from unknown[45.142.120.90]
+Dec  7 23:23:40 mail postfix/smtpd[21207]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure
+Dec  7 23:23:40 mail postfix/smtpd[21207]: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
+Dec  7 23:23:41 mail postfix/smtpd[21260]: connect from unknown[45.142.120.90]
\ No newline at end of file

diff --git a/collections/crowdsecurity/.tests/tcpdump/acquis.yaml b/collections/crowdsecurity/.tests/tcpdump/acquis.yaml
new file mode 100644 (file)
index 0000000..1b70179
--- /dev/null
+++ b/collections/crowdsecurity/.tests/tcpdump/acquis.yaml
@@ -0,0 +1,5 @@
+mode: cat
+filenames:
+ - ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log
+labels:
+  type: tcpdump

diff --git a/collections/crowdsecurity/.tests/tcpdump/tcpdump.log b/collections/crowdsecurity/.tests/tcpdump/tcpdump.log
new file mode 100644 (file)
index 0000000..fc8fc16
--- /dev/null
+++ b/collections/crowdsecurity/.tests/tcpdump/tcpdump.log
@@ -0,0 +1,4 @@
+11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0
+11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0
+11:31:20.553633 IP 4.2.3.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0
+11:31:20.553713 IP 172.1.2.3.22 > 4.2.3.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0
\ No newline at end of file

diff --git a/collections/crowdsecurity/.tests/vsftpd/acquis.yaml b/collections/crowdsecurity/.tests/vsftpd/acquis.yaml
new file mode 100644 (file)
index 0000000..f47d737
--- /dev/null
+++ b/collections/crowdsecurity/.tests/vsftpd/acquis.yaml
@@ -0,0 +1,5 @@
+mode: cat
+filenames:
+ - ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log
+labels:
+  type: vsftpd

diff --git a/collections/crowdsecurity/.tests/vsftpd/vsftpd.log b/collections/crowdsecurity/.tests/vsftpd/vsftpd.log
new file mode 100644 (file)
index 0000000..5d2bc4b
--- /dev/null
+++ b/collections/crowdsecurity/.tests/vsftpd/vsftpd.log
@@ -0,0 +1,3 @@
+Mon Jun 8 12:08:44 2020 [pid 27245] CONNECT: Client "::ffff:93.24.101.89"
+Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"
+Mon Jun 8 12:12:43 2020 [pid 27307] [ubuntu] OK LOGIN: Client "::ffff:93.24.101.89"
\ No newline at end of file

diff --git a/collections/crowdsecurity/apache2.md b/collections/crowdsecurity/apache2.md
new file mode 100644 (file)
index 0000000..9ff8901
--- /dev/null
+++ b/collections/crowdsecurity/apache2.md
@@ -0,0 +1,4 @@
+A collection for apache2 :
+ - apache2 parser
+ - base http scenarios for crawl, scan etc.
+

diff --git a/collections/crowdsecurity/apache2.yaml b/collections/crowdsecurity/apache2.yaml
new file mode 100644 (file)
index 0000000..0bd826d
--- /dev/null
+++ b/collections/crowdsecurity/apache2.yaml
@@ -0,0 +1,13 @@
+parsers:
+#generic post-parsing of http stuff
+  - crowdsecurity/apache2-logs
+collections:
+  - crowdsecurity/base-http-scenarios
+description: "apache2 support : parser and generic http scenarios "
+author: crowdsecurity
+tags:
+  - linux
+  - apache2
+  - crawl
+  - scan
+

diff --git a/collections/crowdsecurity/base-http-scenarios.md b/collections/crowdsecurity/base-http-scenarios.md
new file mode 100644 (file)
index 0000000..d0e0ec6
--- /dev/null
+++ b/collections/crowdsecurity/base-http-scenarios.md
@@ -0,0 +1,14 @@
+**contains no parser, meant to be embedded**
+
+A collection of defensive (implementation independent) scenarios for http services :
+ - aggressive crawl detection
+ - scanning/probing detection
+ - bad user-agent detection
+ - path traversal detection
+ - sensitive data access attempts detection
+ - SQL injection detection
+
+:warning: This collection is _not_ a WAF and this scenario does _not_ aims at replacing a WAF.
+
+
+

diff --git a/collections/crowdsecurity/base-http-scenarios.yaml b/collections/crowdsecurity/base-http-scenarios.yaml
new file mode 100644 (file)
index 0000000..70bc56a
--- /dev/null
+++ b/collections/crowdsecurity/base-http-scenarios.yaml
@@ -0,0 +1,21 @@
+parsers:
+  - crowdsecurity/http-logs
+scenarios:
+  - crowdsecurity/http-crawl-non_statics
+  - crowdsecurity/http-probing
+  - crowdsecurity/http-bad-user-agent
+  - crowdsecurity/http-path-traversal-probing
+  - crowdsecurity/http-sensitive-files
+  - crowdsecurity/http-sqli-probing
+  - crowdsecurity/http-xss-probing
+  - crowdsecurity/http-backdoors-attempts
+  - ltsich/http-w00tw00t
+
+description: "http common : scanners detection"
+author: crowdsecurity
+tags:
+  - linux
+  - http
+  - crawl
+  - scan
+

diff --git a/collections/crowdsecurity/dovecot.md b/collections/crowdsecurity/dovecot.md
new file mode 100644 (file)
index 0000000..f3592a4
--- /dev/null
+++ b/collections/crowdsecurity/dovecot.md
@@ -0,0 +1,18 @@
+A collection for dovecot
+ * dovecot log parsers
+ * dovecot scenario bruteforce spam attempt
+
+This collection mostly aims at getting similar spam protection as
+the normal fail2ban dovecot configuration.
+
+The relevant `acquis.yaml` should be:
+
+```yaml
+filenames:
+  - /var/log/mail.log
+labels:
+  type: syslog
+```
+
+
+> Contribution by https://github.com/LtSich

diff --git a/collections/crowdsecurity/dovecot.yaml b/collections/crowdsecurity/dovecot.yaml
new file mode 100644 (file)
index 0000000..e38a64d
--- /dev/null
+++ b/collections/crowdsecurity/dovecot.yaml
@@ -0,0 +1,10 @@
+parsers:
+  - crowdsecurity/dovecot-logs
+scenarios:
+  - crowdsecurity/dovecot-spam
+description: "dovecot support : parser and spammer detection"
+author: crowdsecurity
+tags:
+  - linux
+  - spam
+  - bruteforce

diff --git a/collections/crowdsecurity/iptables.md b/collections/crowdsecurity/iptables.md
new file mode 100644 (file)
index 0000000..69b4e10
--- /dev/null
+++ b/collections/crowdsecurity/iptables.md
@@ -0,0 +1,4 @@
+A collection for portscan detection via iptables :
+ - iptables parser (like in `-j LOG`)
+ - multi port scan detection
+

diff --git a/collections/crowdsecurity/iptables.yaml b/collections/crowdsecurity/iptables.yaml
new file mode 100644 (file)
index 0000000..c2dd114
--- /dev/null
+++ b/collections/crowdsecurity/iptables.yaml
@@ -0,0 +1,11 @@
+parsers:
+  - crowdsecurity/iptables-logs
+scenarios:
+  - crowdsecurity/iptables-scan-multi_ports
+description: "iptables support : logs and port-scans detection scenarios"
+author: crowdsecurity
+tags:
+  - linux
+  - portscan
+  - iptables
+

diff --git a/collections/crowdsecurity/linux.md b/collections/crowdsecurity/linux.md
new file mode 100644 (file)
index 0000000..5cb85a3
--- /dev/null
+++ b/collections/crowdsecurity/linux.md
@@ -0,0 +1,3 @@
+**core package for linux**
+
+contains support for syslog, do not remove.

diff --git a/collections/crowdsecurity/linux.yaml b/collections/crowdsecurity/linux.yaml
new file mode 100644 (file)
index 0000000..824a6ee
--- /dev/null
+++ b/collections/crowdsecurity/linux.yaml
@@ -0,0 +1,11 @@
+parsers:
+  - crowdsecurity/syslog-logs
+  - crowdsecurity/geoip-enrich
+  - crowdsecurity/dateparse-enrich
+collections:
+  - crowdsecurity/sshd
+description: "core linux support : syslog+geoip+ssh"
+author: crowdsecurity
+tags:
+  - linux
+

diff --git a/collections/crowdsecurity/modsecurity.md b/collections/crowdsecurity/modsecurity.md
new file mode 100644 (file)
index 0000000..a6968b7
--- /dev/null
+++ b/collections/crowdsecurity/modsecurity.md
@@ -0,0 +1,3 @@
+A collection for modsecurity (tested only with Apache):
+ - modsecurity parser: `crowdsecurity/modsecurity`
+ - modsecurity scenario: `crowdsecurity/modsecurity
\ No newline at end of file

diff --git a/collections/crowdsecurity/modsecurity.yaml b/collections/crowdsecurity/modsecurity.yaml
new file mode 100644 (file)
index 0000000..0f3ec23
--- /dev/null
+++ b/collections/crowdsecurity/modsecurity.yaml
@@ -0,0 +1,10 @@
+parsers:
+  - crowdsecurity/modsecurity
+scenarios:
+  - crowdsecurity/modsecurity
+description: "modsecurity support : modsecurity parser and scenario"
+author: crowdsecurity
+tags:
+  - linux
+  - web
+  - waf
\ No newline at end of file

diff --git a/collections/crowdsecurity/mysql.md b/collections/crowdsecurity/mysql.md
new file mode 100644 (file)
index 0000000..5ba6bdb
--- /dev/null
+++ b/collections/crowdsecurity/mysql.md
@@ -0,0 +1,4 @@
+A collection for mysql services :
+ - mysql logs parser
+ - bruteforce detection
+ 
\ No newline at end of file

diff --git a/collections/crowdsecurity/mysql.yaml b/collections/crowdsecurity/mysql.yaml
new file mode 100644 (file)
index 0000000..75d9f67
--- /dev/null
+++ b/collections/crowdsecurity/mysql.yaml
@@ -0,0 +1,10 @@
+parsers:
+  - crowdsecurity/mysql-logs
+scenarios:
+  - crowdsecurity/mysql-bf
+description: "mysql support : logs and brute-force scenarios"
+author: crowdsecurity
+tags:
+  - linux
+  - mysql
+  - bruteforce

diff --git a/collections/crowdsecurity/naxsi.md b/collections/crowdsecurity/naxsi.md
new file mode 100644 (file)
index 0000000..3460d5b
--- /dev/null
+++ b/collections/crowdsecurity/naxsi.md
@@ -0,0 +1,4 @@
+A collection to detect virtual patch violations :
+ - naxsi logs parser
+ - vpatch high id (>9999) trigger rule
+ 
\ No newline at end of file

diff --git a/collections/crowdsecurity/naxsi.yaml b/collections/crowdsecurity/naxsi.yaml
new file mode 100644 (file)
index 0000000..57ddda8
--- /dev/null
+++ b/collections/crowdsecurity/naxsi.yaml
@@ -0,0 +1,14 @@
+parsers:
+#generic post-parsing of http stuff
+  - crowdsecurity/nginx-logs
+  - crowdsecurity/naxsi-logs
+scenarios:
+  - crowdsecurity/naxsi-exploit-vpatch
+description: "naxsi support : parser and vpatch scenario"
+author: crowdsecurity
+tags:
+  - linux
+  - nginx
+  - naxsi
+  - exploit
+

diff --git a/collections/crowdsecurity/nginx.md b/collections/crowdsecurity/nginx.md
new file mode 100644 (file)
index 0000000..d3b3a04
--- /dev/null
+++ b/collections/crowdsecurity/nginx.md
@@ -0,0 +1,4 @@
+A collection to defend nginx against common attacks :
+ - nginx parser
+ - base http scenarios (crawl, 404 scan, bf)
+

diff --git a/collections/crowdsecurity/nginx.yaml b/collections/crowdsecurity/nginx.yaml
new file mode 100644 (file)
index 0000000..5e599f4
--- /dev/null
+++ b/collections/crowdsecurity/nginx.yaml
@@ -0,0 +1,13 @@
+parsers:
+#generic post-parsing of http stuff
+  - crowdsecurity/nginx-logs
+collections:
+  - crowdsecurity/base-http-scenarios
+description: "nginx support : parser and generic http scenarios"
+author: crowdsecurity
+tags:
+  - linux
+  - nginx
+  - crawl
+  - scan
+

diff --git a/collections/crowdsecurity/postfix.md b/collections/crowdsecurity/postfix.md
new file mode 100644 (file)
index 0000000..ca61e3b
--- /dev/null
+++ b/collections/crowdsecurity/postfix.md
@@ -0,0 +1,18 @@
+A collection for postfix
+ * postfix log parsers
+ * postscreen log parser
+ * postfix scenario bruteforce spam attempt
+ * postscreen rb attempt blacklist
+
+This collection mostly aims at getting a similar spam protection as
+the normal fail2ban postfix configuration although postcreen log
+management isn't included by default by fail2ban.
+
+The relevant `acquis.yaml` should be:
+
+```yaml
+filenames:
+  - /var/log/mail.log
+labels:
+  type: syslog
+```

diff --git a/collections/crowdsecurity/postfix.yaml b/collections/crowdsecurity/postfix.yaml
new file mode 100644 (file)
index 0000000..8b12217
--- /dev/null
+++ b/collections/crowdsecurity/postfix.yaml
@@ -0,0 +1,11 @@
+parsers:
+  - crowdsecurity/postfix-logs
+  - crowdsecurity/postscreen-logs
+scenarios:
+  - crowdsecurity/postfix-spam
+description: "postfix support : parser and spammer detection"
+author: crowdsecurity
+tags:
+  - linux
+  - spam
+  - bruteforce

diff --git a/collections/crowdsecurity/sshd.md b/collections/crowdsecurity/sshd.md
new file mode 100644 (file)
index 0000000..79b3116
--- /dev/null
+++ b/collections/crowdsecurity/sshd.md
@@ -0,0 +1,5 @@
+A collection to defend sshd against common attacks :
+ - ssh parser
+ - ssh bruteforce & enumeration detection
+ 
+

diff --git a/collections/crowdsecurity/sshd.yaml b/collections/crowdsecurity/sshd.yaml
new file mode 100644 (file)
index 0000000..20a2e32
--- /dev/null
+++ b/collections/crowdsecurity/sshd.yaml
@@ -0,0 +1,11 @@
+parsers:
+  - crowdsecurity/sshd-logs
+scenarios:
+  - crowdsecurity/ssh-bf
+description: "sshd support : parser and brute-force detection"
+author: crowdsecurity
+tags:
+  - linux
+  - ssh
+  - bruteforce
+

diff --git a/collections/crowdsecurity/vsftpd.md b/collections/crowdsecurity/vsftpd.md
new file mode 100644 (file)
index 0000000..1b1764f
--- /dev/null
+++ b/collections/crowdsecurity/vsftpd.md
@@ -0,0 +1,3 @@
+A collection to defend VSFTPD against common attacks :
+- VSFTPD parser: `crowdsecurity/vsftpd-logs`
+- bruteforce scenario : `crowdsecurity/vsftpd-bf`
\ No newline at end of file

diff --git a/collections/crowdsecurity/vsftpd.yaml b/collections/crowdsecurity/vsftpd.yaml
new file mode 100644 (file)
index 0000000..8f05007
--- /dev/null
+++ b/collections/crowdsecurity/vsftpd.yaml
@@ -0,0 +1,10 @@
+parsers:
+  - crowdsecurity/vsftpd-logs
+scenarios:
+  - crowdsecurity/vsftpd-bf
+description: "VSFTPD support : logs and brute-force scenarios"
+author: crowdsecurity
+tags:
+  - linux
+  - ftp
+  - bruteforce

diff --git a/collections/crowdsecurity/whitelist-good-actors.md b/collections/crowdsecurity/whitelist-good-actors.md
new file mode 100644 (file)
index 0000000..7b13e4c
--- /dev/null
+++ b/collections/crowdsecurity/whitelist-good-actors.md
@@ -0,0 +1,4 @@
+A collection to whitelist all good actors :
+ - rdns to use it in whitelists that need rdns
+ - rdns of all good search engine crawlers (googlebot, bing etc...)
+ - trusted partners like cloudflare
\ No newline at end of file

diff --git a/collections/crowdsecurity/whitelist-good-actors.yaml b/collections/crowdsecurity/whitelist-good-actors.yaml
new file mode 100644 (file)
index 0000000..69cf2fc
--- /dev/null
+++ b/collections/crowdsecurity/whitelist-good-actors.yaml
@@ -0,0 +1,10 @@
+postoverflows:
+  - crowdsecurity/seo-bots-whitelist
+  - crowdsecurity/cdn-whitelist
+  - crowdsecurity/rdns
+description: "Good actors whitelists"
+author: crowdsecurity
+tags:
+  - whitelist
+  - bots
+  - partners

diff --git a/collections/crowdsecurity/wordpress.md b/collections/crowdsecurity/wordpress.md
new file mode 100644 (file)
index 0000000..29e1308
--- /dev/null
+++ b/collections/crowdsecurity/wordpress.md
@@ -0,0 +1,2 @@
+A collection to defend wordpress against bruteforce :
+ - wp-login.php bruteforce detection

diff --git a/collections/crowdsecurity/wordpress.yaml b/collections/crowdsecurity/wordpress.yaml
new file mode 100644 (file)
index 0000000..5936f8f
--- /dev/null
+++ b/collections/crowdsecurity/wordpress.yaml
@@ -0,0 +1,9 @@
+scenarios:
+  - crowdsecurity/http-bf-wordpress_bf
+description: "wordpress : bruteforce detection"
+author: crowdsecurity
+tags:
+  - linux
+  - wordpress
+  - bruteforce
+

diff --git a/generate.go b/generate.go
new file mode 100644 (file)
index 0000000..54e33f5
--- /dev/null
+++ b/generate.go
@@ -0,0 +1,194 @@
+package main
+
+import (
+       "encoding/base64"
+       "fmt"
+       "io/ioutil"
+       "log"
+       "os"
+       "path"
+       "path/filepath"
+       "strconv"
+       "strings"
+
+       "gopkg.in/yaml.v2"
+)
+
+func inSlice(s string, slice []string) bool {
+       for _, str := range slice {
+               if str == s {
+                       return true
+               }
+       }
+       return false
+}
+
+func (ti *typeInfo) generate(filepath string, configType string) (string, error) {
+       pathSplit := strings.Split(filepath, "/")
+       //generate doc path ?
+       pdocpath := strings.Replace(filepath, ".yaml", ".md", 1)
+
+       if pathSplit[0] != configType {
+               return "", fmt.Errorf("invalid filepath (doesn't start with scenarios) : %s", filepath)
+       }
+
+       // Remove the first item (we don't need it)
+       pathSplit = pathSplit[1:]
+
+       // set user, stage and config name
+       var user string
+       var configName string
+       if configType == "parsers" || configType == "postoverflows" {
+               if len(pathSplit) != 3 {
+                       return "", fmt.Errorf("invalid filepath '%s', should be : './%s//<user>/<scenario.yaml>'", configType, filepath)
+               }
+               ti.Stage = pathSplit[0]
+               user = pathSplit[1]
+               configName = pathSplit[2]
+               configName = strings.Split(configName, ".")[0]
+       } else if configType == "scenarios" {
+               if len(pathSplit) != 2 {
+                       return "", fmt.Errorf("invalid filepath '%s', should be : './scenarios/<user>/<scenario.yaml>'", filepath)
+               }
+               user = pathSplit[0]
+               configName = pathSplit[1]
+               configName = strings.Split(configName, ".")[0]
+       } else if configType == "collections" {
+               if len(pathSplit) != 2 {
+                       return "", fmt.Errorf("invalid filepath '%s', should be : './collections/<user>/<scenario.yaml>'", filepath)
+               }
+               user = pathSplit[0]
+               configName = pathSplit[1]
+               configName = strings.Split(configName, ".")[0]
+       }
+
+       // set the filepath
+       ti.Path = filepath
+       // set the author from the user
+       ti.Author = user
+
+       // set file information : autor, references, description
+
+       /* Get description, author and references from the file */
+       var fInfo fileInfo
+       yamlFile, err := ioutil.ReadFile(filepath)
+       if err != nil {
+               return "", err
+       }
+       err = yaml.Unmarshal(yamlFile, &fInfo)
+       if err != nil {
+               return "", err
+       }
+       if fInfo.Author != "" {
+               ti.Author = fInfo.Author
+       }
+       if len(fInfo.References) > 0 {
+               ti.References = fInfo.References
+       }
+
+       if fInfo.Description != "" {
+               ti.Description = fInfo.Description
+       }
+
+       if fInfo.Labels != nil {
+               ti.Labels = fInfo.Labels
+
+               // var tags_to_keep = []string{"service", "type"}
+               // for _, v := range tags_to_keep {
+               //      if x, ok := fInfo.Labels[v]; ok {
+               //              ti.Tags = append(ti.Tags, x)
+               //      }
+               // }
+       }
+
+       if configType == "collections" {
+               if len(fInfo.Parsers) > 0 {
+                       ti.Parsers = fInfo.Parsers
+               }
+               if len(fInfo.PostOverflows) > 0 {
+                       ti.PostOverflows = fInfo.PostOverflows
+               }
+               if len(fInfo.Scenarios) > 0 {
+                       ti.Scenarios = fInfo.Scenarios
+               }
+               if len(fInfo.Collections) > 0 {
+                       ti.Collections = fInfo.Collections
+               }
+       }
+
+       // versions informations (digest and deprecated for each version)
+       if len(ti.Versions) == 0 {
+               ti.Versions = make(map[string]versionInfo)
+               h, err := getSHA256(filepath)
+               if err != nil {
+                       return "", fmt.Errorf("unable to get sha256 of '%s' : %v", filepath, err)
+               }
+               var vInfo versionInfo
+               vInfo.Digest = h
+               vInfo.Deprecated = false
+               ti.Versions["0.1"] = vInfo
+               ti.Version = "0.1"
+       } else {
+               lastVersion := ti.Version
+               lastDigest := ti.Versions[lastVersion].Digest
+               currentDigest, err := getSHA256(filepath)
+               if err != nil {
+                       return "", fmt.Errorf("unable to get sha256 of '%s' : %v", filepath, err)
+               }
+               if currentDigest != lastDigest {
+                       floatVersion, err := strconv.ParseFloat(ti.Version, 32)
+                       if err != nil {
+                               return "", fmt.Errorf("unable to convert version '%s' to float : %s", ti.Version, err.Error())
+                       }
+                       newVersion := fmt.Sprintf("%0.1f", floatVersion+0.1)
+                       ti.Version = newVersion
+                       log.Printf("%s new version : %s (sha:%s)", ti.Path, newVersion, currentDigest)
+                       var vInfo versionInfo
+                       vInfo.Digest = currentDigest
+                       vInfo.Deprecated = false
+                       ti.Versions[newVersion] = vInfo
+               }
+       }
+
+       hubName := fmt.Sprintf("%s/%s", user, configName)
+       /*if we're all good, check if markdown documentation exists and join it*/
+       //pdocpath
+       mdFile, err := ioutil.ReadFile(pdocpath)
+       if err == nil {
+               ti.LongDescription = base64.StdEncoding.EncodeToString([]byte(string(mdFile)))
+       }
+       ti.FileContent = base64.StdEncoding.EncodeToString([]byte(string(yamlFile)))
+       return hubName, nil
+}
+
+func generateIndex(configType string) (map[string]typeInfo, error) {
+       var files []string
+       tInfo := make(map[string]typeInfo)
+       folder := path.Join("./", configType)
+
+       err := filepath.Walk(folder, func(path string, info os.FileInfo, err error) error {
+               if strings.HasSuffix(path, ".yaml") {
+                       files = append(files, path)
+               }
+               return nil
+       })
+
+       if err != nil {
+               panic(err)
+       }
+
+       for _, filepath := range files {
+               if strings.HasPrefix(filepath, folder) {
+                       var info typeInfo
+                       var hubName string
+                       var err error
+                       hubName, err = info.generate(filepath, configType)
+                       if err != nil {
+                               fmt.Printf("skipping '%s' because : %s\n", filepath, err.Error())
+                       } else {
+                               tInfo[hubName] = info
+                       }
+               }
+       }
+       return tInfo, nil
+}

diff --git a/go.mod b/go.mod
new file mode 100644 (file)
index 0000000..917ebb6
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,13 @@
+module main
+
+go 1.13
+
+require (
+       github.com/crowdsecurity/crowdsec v1.0.2
+       github.com/davecgh/go-spew v1.1.1
+       github.com/google/go-github v17.0.0+incompatible
+       github.com/prometheus/common v0.15.0
+       golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
+       google.golang.org/appengine v1.6.6
+       gopkg.in/yaml.v2 v2.3.0
+)

diff --git a/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/acquis.yaml b/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/acquis.yaml
new file mode 100644 (file)
index 0000000..810e231
--- /dev/null
+++ b/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/acquis.yaml
@@ -0,0 +1,3 @@
+mode: cat
+filenames:
+ - ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log

diff --git a/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/config.yaml b/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/config.yaml
new file mode 100644 (file)
index 0000000..ff3c2ac
--- /dev/null
+++ b/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/config.yaml
@@ -0,0 +1,7 @@
+parser_results: parser_results.yaml
+acquisition_file: acquis.yaml
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+  parsers:
+  - crowdsecurity/syslog-logs

diff --git a/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/parser_results.yaml b/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/parser_results.yaml
new file mode 100644 (file)
index 0000000..f378293
--- /dev/null
+++ b/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/parser_results.yaml
@@ -0,0 +1,217 @@
+provisionalresults:
+- s00-raw:
+    crowdsecurity/non-syslog:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec  9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09'
+        Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+        time: 0001-01-01T00:00:00Z
+        process: true
+      Parsed:
+        message: 'Dec  9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09'
+  s01-parse:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec  9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09'
+        Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+        time: 0001-01-01T00:00:00Z
+        process: true
+      Parsed:
+        message: 'Dec  9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09'
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec  9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09'
+        Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+        time: 0001-01-01T00:00:00Z
+        process: true
+      Parsed:
+        message: 'Dec  9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09'
+- s00-raw:
+    crowdsecurity/non-syslog:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec  9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.'
+        Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+        time: 0001-01-01T00:00:00Z
+        process: true
+      Parsed:
+        message: 'Dec  9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.'
+  s01-parse:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec  9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.'
+        Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+        time: 0001-01-01T00:00:00Z
+        process: true
+      Parsed:
+        message: 'Dec  9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.'
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec  9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.'
+        Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+        time: 0001-01-01T00:00:00Z
+        process: true
+      Parsed:
+        message: 'Dec  9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.'
+- s00-raw:
+    crowdsecurity/non-syslog:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec  9 15:40:20 ghoua NetworkManager[1028]: <info>  [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE'
+        Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+        time: 0001-01-01T00:00:00Z
+        process: true
+      Parsed:
+        message: 'Dec  9 15:40:20 ghoua NetworkManager[1028]: <info>  [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE'
+  s01-parse:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec  9 15:40:20 ghoua NetworkManager[1028]: <info>  [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE'
+        Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+        time: 0001-01-01T00:00:00Z
+        process: true
+      Parsed:
+        message: 'Dec  9 15:40:20 ghoua NetworkManager[1028]: <info>  [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE'
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec  9 15:40:20 ghoua NetworkManager[1028]: <info>  [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE'
+        Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+        time: 0001-01-01T00:00:00Z
+        process: true
+      Parsed:
+        message: 'Dec  9 15:40:20 ghoua NetworkManager[1028]: <info>  [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE'
+- s00-raw:
+    crowdsecurity/non-syslog:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec  9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...'
+        Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+        time: 0001-01-01T00:00:00Z
+        process: true
+      Parsed:
+        message: 'Dec  9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...'
+  s01-parse:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec  9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...'
+        Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+        time: 0001-01-01T00:00:00Z
+        process: true
+      Parsed:
+        message: 'Dec  9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...'
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec  9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...'
+        Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+        time: 0001-01-01T00:00:00Z
+        process: true
+      Parsed:
+        message: 'Dec  9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...'
+- s00-raw:
+    crowdsecurity/non-syslog:
+      ExpectMode: 1
+      Stage: s01-parse
+      Line:
+        Raw: 'Dec  9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.'
+        Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+        time: 0001-01-01T00:00:00Z
+        process: true
+      Parsed:
+        message: 'Dec  9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.'
+  s01-parse:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec  9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.'
+        Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+        time: 0001-01-01T00:00:00Z
+        process: true
+      Parsed:
+        message: 'Dec  9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.'
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec  9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.'
+        Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+        time: 0001-01-01T00:00:00Z
+        process: true
+      Parsed:
+        message: 'Dec  9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.'
+finalresults:
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec  9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09'
+    Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+    time: 0001-01-01T00:00:00Z
+    process: true
+  Parsed:
+    message: 'Dec  9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09'
+  Process: true
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec  9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.'
+    Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+    time: 0001-01-01T00:00:00Z
+    process: true
+  Parsed:
+    message: 'Dec  9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.'
+  Process: true
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec  9 15:40:20 ghoua NetworkManager[1028]: <info>  [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE'
+    Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+    time: 0001-01-01T00:00:00Z
+    process: true
+  Parsed:
+    message: 'Dec  9 15:40:20 ghoua NetworkManager[1028]: <info>  [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE'
+  Process: true
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec  9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...'
+    Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+    time: 0001-01-01T00:00:00Z
+    process: true
+  Parsed:
+    message: 'Dec  9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...'
+  Process: true
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec  9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.'
+    Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
+    time: 0001-01-01T00:00:00Z
+    process: true
+  Parsed:
+    message: 'Dec  9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.'
+  Process: true

diff --git a/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log b/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
new file mode 100644 (file)
index 0000000..397f042
--- /dev/null
+++ b/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
@@ -0,0 +1,5 @@
+Dec  9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09
+Dec  9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.
+Dec  9 15:40:20 ghoua NetworkManager[1028]: <info>  [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE
+Dec  9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...
+Dec  9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.
\ No newline at end of file

diff --git a/parsers/s00-raw/crowdsecurity/syslog-logs.md b/parsers/s00-raw/crowdsecurity/syslog-logs.md
new file mode 100644 (file)
index 0000000..7ce8c8e
--- /dev/null
+++ b/parsers/s00-raw/crowdsecurity/syslog-logs.md
@@ -0,0 +1,5 @@
+# Syslog parser
+
+This is a generic linux syslog parser with time-support.
+This one often works along `crowdsecurity/skip-pretag`
+

diff --git a/parsers/s00-raw/crowdsecurity/syslog-logs.yaml b/parsers/s00-raw/crowdsecurity/syslog-logs.yaml
new file mode 100644 (file)
index 0000000..7b05c9b
--- /dev/null
+++ b/parsers/s00-raw/crowdsecurity/syslog-logs.yaml
@@ -0,0 +1,30 @@
+#If it's syslog, we are going to extract progname from it
+filter: "evt.Line.Labels.type == 'syslog'"
+onsuccess: next_stage
+name: crowdsecurity/syslog-logs
+grok:
+  #this is a named regular expression. grok patterns can be kept into separate files for readability
+  name: "SYSLOGLINE" 
+  #This is the field of the `Event` to which the regexp should be applied
+  apply_on: Line.Raw
+#if the node was successfull, statics will be applied.
+statics:
+  - parsed: "logsource"
+    value: "syslog"
+# syslog date can be in two different fields (one of hte assignment will fail)
+  - target: evt.StrTime
+    expression: evt.Parsed.timestamp
+  - target: evt.StrTime
+    expression: evt.Parsed.timestamp8601
+---
+#if it's not syslog, the type is the progname
+filter: "evt.Line.Labels.type != 'syslog'"
+onsuccess: next_stage
+name: crowdsecurity/non-syslog
+#debug: true
+statics:
+  - parsed: message
+    expression: evt.Line.Raw
+  - parsed: program
+    expression: evt.Line.Labels.type
+---

diff --git a/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/config.yaml
new file mode 100644 (file)
index 0000000..c397976
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/config.yaml
@@ -0,0 +1,7 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+  parsers:
+  - crowdsecurity/apache2-logs

diff --git a/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/parser_input.yaml
new file mode 100644 (file)
index 0000000..a9077e6
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/parser_input.yaml
@@ -0,0 +1,70 @@
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+    time: 2020-12-11T12:43:47.855054626+01:00
+    Labels:
+      type: apache2
+    process: true
+  Parsed:
+    message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-"
+    program: apache2
+  Time: 2020-12-11T12:43:47.855149953+01:00
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+    time: 2020-12-11T12:43:47.855221252+01:00
+    Labels:
+      type: apache2
+    process: true
+  Parsed:
+    message: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
+    program: apache2
+  Time: 2020-12-11T12:43:47.855589313+01:00
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+    time: 2020-12-11T12:43:47.85565447+01:00
+    Labels:
+      type: apache2
+    process: true
+  Parsed:
+    message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    program: apache2
+  Time: 2020-12-11T12:43:47.855803402+01:00
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+    time: 2020-12-11T12:43:47.855911794+01:00
+    Labels:
+      type: apache2
+    process: true
+  Parsed:
+    message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    program: apache2
+  Time: 2020-12-11T12:43:47.855995358+01:00
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+    time: 2020-12-11T12:43:47.855054626+01:00
+    Labels:
+      type: apache2
+    process: true
+  Parsed:
+    message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-"
+    program: apache2
+  Time: 2020-12-11T12:43:47.855149953+01:00
+  Process: true
\ No newline at end of file

diff --git a/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/parser_results.yaml
new file mode 100644 (file)
index 0000000..6715113
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/parser_results.yaml
@@ -0,0 +1,512 @@
+provisionalresults:
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/apache2-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: apache2
+        process: true
+      Parsed:
+        auth: '-'
+        bytes: "803"
+        clientip: 93.43.209.58
+        http_user_agent: '"-"'
+        httpversion: "1.0"
+        ident: '-'
+        message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-"
+        program: apache2
+        rawrequest: ""
+        referrer: '"-"'
+        request: /
+        response: "500"
+        target_fqdn: ""
+        timestamp: 08/Jun/2020:06:49:01 +0000
+        verb: GET
+      StrTime: 08/Jun/2020:06:49:01 +0000
+      Meta:
+        http_path: /
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 93.43.209.58
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: apache2
+        process: true
+      Parsed:
+        auth: '-'
+        bytes: "803"
+        clientip: 93.43.209.58
+        http_user_agent: '"-"'
+        httpversion: "1.0"
+        ident: '-'
+        message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-"
+        program: apache2
+        rawrequest: ""
+        referrer: '"-"'
+        request: /
+        response: "500"
+        target_fqdn: ""
+        timestamp: 08/Jun/2020:06:49:01 +0000
+        verb: GET
+      StrTime: 08/Jun/2020:06:49:01 +0000
+      Meta:
+        http_path: /
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 93.43.209.58
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/apache2-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: apache2
+        process: true
+      Parsed:
+        auth: '-'
+        bytes: "799"
+        clientip: 164.68.112.178
+        http_user_agent: '"masscan/1.0 (https://github.com/robertdavidgraham/masscan)"'
+        httpversion: "1.0"
+        ident: '-'
+        message: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
+        program: apache2
+        rawrequest: ""
+        referrer: '"-"'
+        request: /
+        response: "500"
+        target_fqdn: ""
+        timestamp: 08/Jun/2020:07:01:28 +0000
+        verb: GET
+      StrTime: 08/Jun/2020:07:01:28 +0000
+      Meta:
+        http_path: /
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 164.68.112.178
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: apache2
+        process: true
+      Parsed:
+        auth: '-'
+        bytes: "799"
+        clientip: 164.68.112.178
+        http_user_agent: '"masscan/1.0 (https://github.com/robertdavidgraham/masscan)"'
+        httpversion: "1.0"
+        ident: '-'
+        message: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
+        program: apache2
+        rawrequest: ""
+        referrer: '"-"'
+        request: /
+        response: "500"
+        target_fqdn: ""
+        timestamp: 08/Jun/2020:07:01:28 +0000
+        verb: GET
+      StrTime: 08/Jun/2020:07:01:28 +0000
+      Meta:
+        http_path: /
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 164.68.112.178
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/apache2-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: apache2
+        process: true
+      Parsed:
+        auth: '-'
+        bytes: "803"
+        clientip: 195.54.160.135
+        http_user_agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"'
+        httpversion: "1.1"
+        ident: '-'
+        message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+        program: apache2
+        rawrequest: ""
+        referrer: '"-"'
+        request: /solr/admin/info/system?wt=json
+        response: "500"
+        target_fqdn: ""
+        timestamp: 08/Jun/2020:08:04:43 +0000
+        verb: GET
+      StrTime: 08/Jun/2020:08:04:43 +0000
+      Meta:
+        http_path: /solr/admin/info/system?wt=json
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 195.54.160.135
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: apache2
+        process: true
+      Parsed:
+        auth: '-'
+        bytes: "803"
+        clientip: 195.54.160.135
+        http_user_agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"'
+        httpversion: "1.1"
+        ident: '-'
+        message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+        program: apache2
+        rawrequest: ""
+        referrer: '"-"'
+        request: /solr/admin/info/system?wt=json
+        response: "500"
+        target_fqdn: ""
+        timestamp: 08/Jun/2020:08:04:43 +0000
+        verb: GET
+      StrTime: 08/Jun/2020:08:04:43 +0000
+      Meta:
+        http_path: /solr/admin/info/system?wt=json
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 195.54.160.135
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/apache2-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: apache2
+        process: true
+      Parsed:
+        auth: '-'
+        bytes: "803"
+        clientip: 1.2.3.4
+        http_user_agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"'
+        httpversion: "1.1"
+        ident: '-'
+        message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+        program: apache2
+        rawrequest: ""
+        referrer: '"-"'
+        request: /solr/admin/info/system?wt=json
+        response: "500"
+        target_fqdn: www.crowdsec.net
+        timestamp: 08/Jun/2020:08:04:43 +0000
+        verb: GET
+      StrTime: 08/Jun/2020:08:04:43 +0000
+      Meta:
+        http_path: /solr/admin/info/system?wt=json
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 1.2.3.4
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: apache2
+        process: true
+      Parsed:
+        auth: '-'
+        bytes: "803"
+        clientip: 1.2.3.4
+        http_user_agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"'
+        httpversion: "1.1"
+        ident: '-'
+        message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+        program: apache2
+        rawrequest: ""
+        referrer: '"-"'
+        request: /solr/admin/info/system?wt=json
+        response: "500"
+        target_fqdn: www.crowdsec.net
+        timestamp: 08/Jun/2020:08:04:43 +0000
+        verb: GET
+      StrTime: 08/Jun/2020:08:04:43 +0000
+      Meta:
+        http_path: /solr/admin/info/system?wt=json
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 1.2.3.4
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/apache2-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: apache2
+        process: true
+      Parsed:
+        http_user_agent: '"-"'
+        auth: '-'
+        bytes: "803"
+        clientip: 93.43.209.58
+        httpversion: "1.0"
+        ident: '-'
+        message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-"
+        program: apache2
+        rawrequest: ""
+        referrer: '"-"'
+        request: /login
+        response: "500"
+        target_fqdn: ""
+        timestamp: 08/Jun/2020:06:49:01 +0000
+        verb: POST
+      StrTime: 08/Jun/2020:06:49:01 +0000
+      Meta:
+        http_path: /login
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 93.43.209.58
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: apache2
+        process: true
+      Parsed:
+        http_user_agent: '"-"'
+        auth: '-'
+        bytes: "803"
+        clientip: 93.43.209.58
+        httpversion: "1.0"
+        ident: '-'
+        message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-"
+        program: apache2
+        rawrequest: ""
+        referrer: '"-"'
+        request: /login
+        response: "500"
+        target_fqdn: ""
+        timestamp: 08/Jun/2020:06:49:01 +0000
+        verb: POST
+      StrTime: 08/Jun/2020:06:49:01 +0000
+      Meta:
+        http_path: /login
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 93.43.209.58
+finalresults:
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: apache2
+    process: true
+  Parsed:
+    auth: '-'
+    bytes: "803"
+    clientip: 93.43.209.58
+    http_user_agent: '"-"'
+    httpversion: "1.0"
+    ident: '-'
+    message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-"
+    program: apache2
+    rawrequest: ""
+    referrer: '"-"'
+    request: /
+    response: "500"
+    target_fqdn: ""
+    timestamp: 08/Jun/2020:06:49:01 +0000
+    verb: GET
+  StrTime: 08/Jun/2020:06:49:01 +0000
+  Process: true
+  Meta:
+    http_path: /
+    http_status: "500"
+    log_type: http_access-log
+    service: http
+    source_ip: 93.43.209.58
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: apache2
+    process: true
+  Parsed:
+    auth: '-'
+    bytes: "799"
+    clientip: 164.68.112.178
+    http_user_agent: '"masscan/1.0 (https://github.com/robertdavidgraham/masscan)"'
+    httpversion: "1.0"
+    ident: '-'
+    message: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
+    program: apache2
+    rawrequest: ""
+    referrer: '"-"'
+    request: /
+    response: "500"
+    target_fqdn: ""
+    timestamp: 08/Jun/2020:07:01:28 +0000
+    verb: GET
+  StrTime: 08/Jun/2020:07:01:28 +0000
+  Process: true
+  Meta:
+    http_path: /
+    http_status: "500"
+    log_type: http_access-log
+    service: http
+    source_ip: 164.68.112.178
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: apache2
+    process: true
+  Parsed:
+    auth: '-'
+    bytes: "803"
+    clientip: 195.54.160.135
+    http_user_agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"'
+    httpversion: "1.1"
+    ident: '-'
+    message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    program: apache2
+    rawrequest: ""
+    referrer: '"-"'
+    request: /solr/admin/info/system?wt=json
+    response: "500"
+    target_fqdn: ""
+    timestamp: 08/Jun/2020:08:04:43 +0000
+    verb: GET
+  StrTime: 08/Jun/2020:08:04:43 +0000
+  Process: true
+  Meta:
+    http_path: /solr/admin/info/system?wt=json
+    http_status: "500"
+    log_type: http_access-log
+    service: http
+    source_ip: 195.54.160.135
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: apache2
+    process: true
+  Parsed:
+    auth: '-'
+    bytes: "803"
+    clientip: 1.2.3.4
+    http_user_agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"'
+    httpversion: "1.1"
+    ident: '-'
+    message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    program: apache2
+    rawrequest: ""
+    referrer: '"-"'
+    request: /solr/admin/info/system?wt=json
+    response: "500"
+    target_fqdn: www.crowdsec.net
+    timestamp: 08/Jun/2020:08:04:43 +0000
+    verb: GET
+  StrTime: 08/Jun/2020:08:04:43 +0000
+  Process: true
+  Meta:
+    http_path: /solr/admin/info/system?wt=json
+    http_status: "500"
+    log_type: http_access-log
+    service: http
+    source_ip: 1.2.3.4
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: apache2
+    process: true
+  Parsed:
+    http_user_agent: '"-"'
+    auth: '-'
+    bytes: "803"
+    clientip: 93.43.209.58
+    httpversion: "1.0"
+    ident: '-'
+    message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-"
+    program: apache2
+    rawrequest: ""
+    referrer: '"-"'
+    request: /login
+    response: "500"
+    target_fqdn: ""
+    timestamp: 08/Jun/2020:06:49:01 +0000
+    verb: POST
+  StrTime: 08/Jun/2020:06:49:01 +0000
+  Process: true
+  Meta:
+    http_path: /login
+    http_status: "500"
+    log_type: http_access-log
+    service: http
+    source_ip: 93.43.209.58

diff --git a/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/config.yaml
new file mode 100644 (file)
index 0000000..dbbb09a
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/config.yaml
@@ -0,0 +1,7 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+  parsers:
+  - crowdsecurity/cowrie-logs

diff --git a/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/parser_input.yaml
new file mode 100644 (file)
index 0000000..c2b9e9a
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/parser_input.yaml
@@ -0,0 +1,28 @@
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Dec  8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log
+    time: 2020-12-11T12:09:00.981240029+01:00
+    Labels:
+      type: cowrie
+    process: true
+  Parsed:
+    message: 'Dec  8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]'
+    program: cowrie
+  Time: 2020-12-11T12:09:00.981329468+01:00
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Dec  8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log
+    time: 2020-12-11T12:09:00.981374452+01:00
+    Labels:
+      type: cowrie
+    process: true
+  Parsed:
+    message: 'Dec  8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]'
+    program: cowrie
+  Time: 2020-12-11T12:09:00.98211676+01:00
+  Process: true
\ No newline at end of file

diff --git a/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/parser_results.yaml
new file mode 100644 (file)
index 0000000..968de77
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/parser_results.yaml
@@ -0,0 +1,146 @@
+provisionalresults:
+- s00-raw: {}
+  s01-parse:
+    cowrie-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec  8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: cowrie
+        process: true
+      Parsed:
+        dest_ip: 1.2.3.4
+        dest_port: "2222"
+        message: 'Dec  8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]'
+        program: cowrie
+        source_ip: 4.2.3.1
+        telnet_session: 3e5a9212b91f
+      Meta:
+        dest_ip: 1.2.3.4
+        dest_port: "2222"
+        log_type: telnet_new_session
+        service: telnet
+        source_ip: 4.2.3.1
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec  8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: cowrie
+        process: true
+      Parsed:
+        dest_ip: 1.2.3.4
+        dest_port: "2222"
+        message: 'Dec  8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]'
+        program: cowrie
+        source_ip: 4.2.3.1
+        telnet_session: 3e5a9212b91f
+      Meta:
+        dest_ip: 1.2.3.4
+        dest_port: "2222"
+        log_type: telnet_new_session
+        service: telnet
+        source_ip: 4.2.3.1
+- s00-raw: {}
+  s01-parse:
+    cowrie-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec  8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: cowrie
+        process: true
+      Parsed:
+        dest_ip: 1.2.3.4
+        dest_port: "2222"
+        message: 'Dec  8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]'
+        program: cowrie
+        source_ip: 1.1.1.1
+        telnet_session: 3e5a9212s1f
+      Meta:
+        dest_ip: 1.2.3.4
+        dest_port: "2222"
+        log_type: telnet_new_session
+        service: telnet
+        source_ip: 1.1.1.1
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec  8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: cowrie
+        process: true
+      Parsed:
+        dest_ip: 1.2.3.4
+        dest_port: "2222"
+        message: 'Dec  8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]'
+        program: cowrie
+        source_ip: 1.1.1.1
+        telnet_session: 3e5a9212s1f
+      Meta:
+        dest_ip: 1.2.3.4
+        dest_port: "2222"
+        log_type: telnet_new_session
+        service: telnet
+        source_ip: 1.1.1.1
+finalresults:
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec  8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: cowrie
+    process: true
+  Parsed:
+    dest_ip: 1.2.3.4
+    dest_port: "2222"
+    message: 'Dec  8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]'
+    program: cowrie
+    source_ip: 4.2.3.1
+    telnet_session: 3e5a9212b91f
+  Process: true
+  Meta:
+    dest_ip: 1.2.3.4
+    dest_port: "2222"
+    log_type: telnet_new_session
+    service: telnet
+    source_ip: 4.2.3.1
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec  8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: cowrie
+    process: true
+  Parsed:
+    dest_ip: 1.2.3.4
+    dest_port: "2222"
+    message: 'Dec  8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]'
+    program: cowrie
+    source_ip: 1.1.1.1
+    telnet_session: 3e5a9212s1f
+  Process: true
+  Meta:
+    dest_ip: 1.2.3.4
+    dest_port: "2222"
+    log_type: telnet_new_session
+    service: telnet
+    source_ip: 1.1.1.1

diff --git a/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/config.yaml
new file mode 100644 (file)
index 0000000..74d1ec6
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/config.yaml
@@ -0,0 +1,10 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+  parsers:
+  - crowdsecurity/dovecot-logs
+
+  

diff --git a/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/parser_input.yaml
new file mode 100644 (file)
index 0000000..f58153d
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/parser_input.yaml
@@ -0,0 +1,23 @@
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Jan 28 10:16:13 dovecot-box dovecot[7508]: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<toto@toto.com>, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/mail.info
+    time: 2020-12-11T13:05:46.765615945+01:00
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    facility: ""
+    logsource: syslog
+    message: "imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<toto@toto.com>, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>"
+    pid: "8421"
+    priority: ""
+    program: dovecot
+    timestamp: Nov 10 15:01:29
+    timestamp8601: ""
+  Time: 2020-12-11T13:05:46.765680868+01:00
+  StrTime: Nov 10 15:01:29
+  Process: true
+
+  

diff --git a/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/parser_results.yaml
new file mode 100644 (file)
index 0000000..740be05
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/parser_results.yaml
@@ -0,0 +1,89 @@
+provisionalresults:
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/dovecot-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Jan 28 10:16:13 dovecot-box dovecot[7508]: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<toto@toto.com>, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/mail.info
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        dovecot_local_ip: 7.7.7.7
+        dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs)
+        dovecot_remote_ip: 4.4.4.4
+        dovecot_user: toto@toto.com
+        facility: ""
+        logsource: syslog
+        message: 'imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<toto@toto.com>, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>'
+        pid: "8421"
+        priority: ""
+        program: dovecot
+        protocol: imap
+        timestamp: Nov 10 15:01:29
+        timestamp8601: ""
+      StrTime: Nov 10 15:01:29
+      Meta:
+        log_type: dovecot_logs
+        source_ip: 4.4.4.4
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Jan 28 10:16:13 dovecot-box dovecot[7508]: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<toto@toto.com>, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/mail.info
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        dovecot_local_ip: 7.7.7.7
+        dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs)
+        dovecot_remote_ip: 4.4.4.4
+        dovecot_user: toto@toto.com
+        facility: ""
+        logsource: syslog
+        message: 'imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<toto@toto.com>, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>'
+        pid: "8421"
+        priority: ""
+        program: dovecot
+        protocol: imap
+        timestamp: Nov 10 15:01:29
+        timestamp8601: ""
+      StrTime: Nov 10 15:01:29
+      Meta:
+        log_type: dovecot_logs
+        source_ip: 4.4.4.4
+finalresults:
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Jan 28 10:16:13 dovecot-box dovecot[7508]: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<toto@toto.com>, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/mail.info
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    dovecot_local_ip: 7.7.7.7
+    dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs)
+    dovecot_remote_ip: 4.4.4.4
+    dovecot_user: toto@toto.com
+    facility: ""
+    logsource: syslog
+    message: 'imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<toto@toto.com>, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>'
+    pid: "8421"
+    priority: ""
+    program: dovecot
+    protocol: imap
+    timestamp: Nov 10 15:01:29
+    timestamp8601: ""
+  StrTime: Nov 10 15:01:29
+  Process: true
+  Meta:
+    log_type: dovecot_logs
+    source_ip: 4.4.4.4

diff --git a/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/config.yaml
new file mode 100644 (file)
index 0000000..a0e3ace
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/config.yaml
@@ -0,0 +1,8 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+
+#configuration
+index: .index.json # relative to root
+configurations:
+  parsers:
+  - crowdsecurity/iptables-logs

diff --git a/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/parser_input.yaml
new file mode 100644 (file)
index 0000000..3d2338e
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/parser_input.yaml
@@ -0,0 +1,14 @@
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Jun  8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/iptables-logs/iptables.log
+    time: 2020-12-11T12:51:53.618550089+01:00
+    Labels:
+      type: kernel
+    process: true
+  Parsed:
+    message: 'Jun  8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0'
+    program: kernel
+  Time: 2020-12-11T12:51:53.618598112+01:00
+  Process: true

diff --git a/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/parser_results.yaml
new file mode 100644 (file)
index 0000000..d3beb77
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/parser_results.yaml
@@ -0,0 +1,80 @@
+provisionalresults:
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/iptables-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Jun  8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/iptables-logs/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: kernel
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8123"
+        int_eth: enp1s0
+        length: "40"
+        message: 'Jun  8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0'
+        program: kernel
+        proto: TCP
+        src_ip: 195.54.160.107
+        src_port: "8080"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 195.54.160.107
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Jun  8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/iptables-logs/iptables.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: kernel
+        process: true
+      Parsed:
+        action: ""
+        dst_ip: 51.15.166.67
+        dst_port: "8123"
+        int_eth: enp1s0
+        length: "40"
+        message: 'Jun  8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0'
+        program: kernel
+        proto: TCP
+        src_ip: 195.54.160.107
+        src_port: "8080"
+      Meta:
+        log_type: iptables_drop
+        service: tcp
+        source_ip: 195.54.160.107
+finalresults:
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Jun  8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/iptables-logs/iptables.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: kernel
+    process: true
+  Parsed:
+    action: ""
+    dst_ip: 51.15.166.67
+    dst_port: "8123"
+    int_eth: enp1s0
+    length: "40"
+    message: 'Jun  8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0'
+    program: kernel
+    proto: TCP
+    src_ip: 195.54.160.107
+    src_port: "8080"
+  Process: true
+  Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 195.54.160.107

diff --git a/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/config.yaml
new file mode 100644 (file)
index 0000000..e702932
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/config.yaml
@@ -0,0 +1,8 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+  parsers:
+  - crowdsecurity/mysql-logs

diff --git a/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/parser_input.yaml
new file mode 100644 (file)
index 0000000..e607065
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/parser_input.yaml
@@ -0,0 +1,28 @@
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log
+    time: 2020-12-11T12:55:59.702942091+01:00
+    Labels:
+      type: mysql
+    process: true
+  Parsed:
+    message: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)'
+    program: mysql
+  Time: 2020-12-11T12:55:59.702983219+01:00
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Apr 16 05:13:41 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:41.144260Z 345 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: NO)'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log
+    time: 2020-12-11T12:55:59.703044246+01:00
+    Labels:
+      type: mysql
+    process: true
+  Parsed:
+    message: 'Apr 16 05:13:41 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:41.144260Z 345 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: NO)'
+    program: mysql
+  Time: 2020-12-11T12:55:59.703760102+01:00
+  Process: true

diff --git a/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/parser_results.yaml
new file mode 100644 (file)
index 0000000..02269b2
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/parser_results.yaml
@@ -0,0 +1,79 @@
+provisionalresults:
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/mysql-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: mysql
+        process: true
+      Parsed:
+        message: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)'
+        program: mysql
+        source_ip: 27.155.87.54
+        time: "2020-04-16T05:13:40.861934Z"
+        user: root
+      Meta:
+        log_type: mysql_failed_auth
+        source_ip: 27.155.87.54
+        user: root
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: mysql
+        process: true
+      Parsed:
+        message: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)'
+        program: mysql
+        source_ip: 27.155.87.54
+        time: "2020-04-16T05:13:40.861934Z"
+        user: root
+      Meta:
+        log_type: mysql_failed_auth
+        source_ip: 27.155.87.54
+        user: root
+- s00-raw: {}
+  s01-parse: {}
+finalresults:
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: mysql
+    process: true
+  Parsed:
+    message: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)'
+    program: mysql
+    source_ip: 27.155.87.54
+    time: "2020-04-16T05:13:40.861934Z"
+    user: root
+  Process: true
+  Meta:
+    log_type: mysql_failed_auth
+    source_ip: 27.155.87.54
+    user: root
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Apr 16 05:13:41 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:41.144260Z 345 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: NO)'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: mysql
+    process: true
+  Parsed:
+    message: 'Apr 16 05:13:41 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:41.144260Z 345 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: NO)'
+    program: mysql

diff --git a/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/config.yaml
new file mode 100644 (file)
index 0000000..8e811e1
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/config.yaml
@@ -0,0 +1,8 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+  parsers:
+  - crowdsecurity/nginx-logs

diff --git a/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/parser_input.yaml
new file mode 100644 (file)
index 0000000..cc6ae08
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/parser_input.yaml
@@ -0,0 +1,70 @@
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+    time: 2020-12-11T13:02:38.187710403+01:00
+    Labels:
+      type: nginx
+    process: true
+  Parsed:
+    message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
+    program: nginx
+  Time: 2020-12-11T13:02:38.187733387+01:00
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+    time: 2020-12-11T13:02:38.187790876+01:00
+    Labels:
+      type: nginx
+    process: true
+  Parsed:
+    message: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-"
+    program: nginx
+  Time: 2020-12-11T13:02:38.1879352+01:00
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+    time: 2020-12-11T13:02:38.188000715+01:00
+    Labels:
+      type: nginx
+    process: true
+  Parsed:
+    message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+    program: nginx
+  Time: 2020-12-11T13:02:38.188078433+01:00
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+    time: 2020-12-11T13:02:38.188137815+01:00
+    Labels:
+      type: nginx
+    process: true
+  Parsed:
+    message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+    program: nginx
+  Time: 2020-12-11T13:02:38.188226774+01:00
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+    time: 2020-12-11T13:02:38.188137815+01:00
+    Labels:
+      type: nginx
+    process: true
+  Parsed:
+    message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+    program: nginx
+  Time: 2020-12-11T13:02:38.188226774+01:00
+  Process: true

diff --git a/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/parser_results.yaml
new file mode 100644 (file)
index 0000000..a1667a4
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/parser_results.yaml
@@ -0,0 +1,482 @@
+provisionalresults:
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/nginx-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: nginx
+        process: true
+      Parsed:
+        body_bytes_sent: "522"
+        http_referer: '-'
+        http_user_agent: Go-http-client/1.1
+        http_version: "1.1"
+        message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
+        program: nginx
+        remote_addr: 5.5.8.5
+        remote_user: '-'
+        request: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo
+        status: "404"
+        target_fqdn: ""
+        time_local: 04/Jan/2020:07:25:02 +0000
+        verb: GET
+      StrTime: 04/Jan/2020:07:25:02 +0000
+      Meta:
+        http_path: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo
+        http_status: "404"
+        log_type: http_access-log
+        service: http
+        source_ip: 5.5.8.5
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: nginx
+        process: true
+      Parsed:
+        body_bytes_sent: "522"
+        http_referer: '-'
+        http_user_agent: Go-http-client/1.1
+        http_version: "1.1"
+        message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
+        program: nginx
+        remote_addr: 5.5.8.5
+        remote_user: '-'
+        request: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo
+        status: "404"
+        target_fqdn: ""
+        time_local: 04/Jan/2020:07:25:02 +0000
+        verb: GET
+      StrTime: 04/Jan/2020:07:25:02 +0000
+      Meta:
+        http_path: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo
+        http_status: "404"
+        log_type: http_access-log
+        service: http
+        source_ip: 5.5.8.5
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/nginx-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: nginx
+        process: true
+      Parsed:
+        body_bytes_sent: "0"
+        http_referer: '-'
+        http_user_agent: '-'
+        http_version: "1.1"
+        message: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-"
+        program: nginx
+        remote_addr: 2.30.19.10
+        remote_user: '-'
+        request: /
+        status: "400"
+        target_fqdn: ""
+        time_local: 04/Jan/2020:08:29:17 +0000
+        verb: GET
+      StrTime: 04/Jan/2020:08:29:17 +0000
+      Meta:
+        http_path: /
+        http_status: "400"
+        log_type: http_access-log
+        service: http
+        source_ip: 2.30.19.10
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: nginx
+        process: true
+      Parsed:
+        body_bytes_sent: "0"
+        http_referer: '-'
+        http_user_agent: '-'
+        http_version: "1.1"
+        message: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-"
+        program: nginx
+        remote_addr: 2.30.19.10
+        remote_user: '-'
+        request: /
+        status: "400"
+        target_fqdn: ""
+        time_local: 04/Jan/2020:08:29:17 +0000
+        verb: GET
+      StrTime: 04/Jan/2020:08:29:17 +0000
+      Meta:
+        http_path: /
+        http_status: "400"
+        log_type: http_access-log
+        service: http
+        source_ip: 2.30.19.10
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/nginx-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: nginx
+        process: true
+      Parsed:
+        body_bytes_sent: "550"
+        http_referer: '-'
+        http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
+        http_version: "1.1"
+        message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+        program: nginx
+        remote_addr: 52.59.61.4
+        remote_user: '-'
+        request: /index.php/nous-contacter/
+        status: "500"
+        target_fqdn: ""
+        time_local: 04/Jan/2020:08:41:43 +0000
+        verb: GET
+      StrTime: 04/Jan/2020:08:41:43 +0000
+      Meta:
+        http_path: /index.php/nous-contacter/
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 52.59.61.4
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: nginx
+        process: true
+      Parsed:
+        body_bytes_sent: "550"
+        http_referer: '-'
+        http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
+        http_version: "1.1"
+        message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+        program: nginx
+        remote_addr: 52.59.61.4
+        remote_user: '-'
+        request: /index.php/nous-contacter/
+        status: "500"
+        target_fqdn: ""
+        time_local: 04/Jan/2020:08:41:43 +0000
+        verb: GET
+      StrTime: 04/Jan/2020:08:41:43 +0000
+      Meta:
+        http_path: /index.php/nous-contacter/
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 52.59.61.4
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/nginx-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: nginx
+        process: true
+      Parsed:
+        body_bytes_sent: "550"
+        http_referer: '-'
+        http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
+        http_version: "1.1"
+        message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+        program: nginx
+        remote_addr: 52.59.61.4
+        remote_user: '-'
+        request: /index.php/nous-contacter/
+        status: "500"
+        target_fqdn: www.mydomain.com
+        time_local: 04/Jan/2020:08:41:43 +0000
+        verb: GET
+      StrTime: 04/Jan/2020:08:41:43 +0000
+      Meta:
+        http_path: /index.php/nous-contacter/
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 52.59.61.4
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: nginx
+        process: true
+      Parsed:
+        body_bytes_sent: "550"
+        http_referer: '-'
+        http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
+        http_version: "1.1"
+        message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+        program: nginx
+        remote_addr: 52.59.61.4
+        remote_user: '-'
+        request: /index.php/nous-contacter/
+        status: "500"
+        target_fqdn: www.mydomain.com
+        time_local: 04/Jan/2020:08:41:43 +0000
+        verb: GET
+      StrTime: 04/Jan/2020:08:41:43 +0000
+      Meta:
+        http_path: /index.php/nous-contacter/
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 52.59.61.4
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/nginx-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: nginx
+        process: true
+      Parsed:
+        body_bytes_sent: "550"
+        http_referer: '-'
+        http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
+        http_version: "1.1"
+        message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+        program: nginx
+        remote_addr: 52.59.61.4
+        remote_user: '-'
+        request: /login.php
+        status: "500"
+        target_fqdn: www.mydomain.com
+        time_local: 04/Jan/2020:08:41:43 +0000
+        verb: POST
+      StrTime: 04/Jan/2020:08:41:43 +0000
+      Meta:
+        http_path: /login.php
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 52.59.61.4
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: nginx
+        process: true
+      Parsed:
+        body_bytes_sent: "550"
+        http_referer: '-'
+        http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
+        http_version: "1.1"
+        message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+        program: nginx
+        remote_addr: 52.59.61.4
+        remote_user: '-'
+        request: /login.php
+        status: "500"
+        target_fqdn: www.mydomain.com
+        time_local: 04/Jan/2020:08:41:43 +0000
+        verb: POST
+      StrTime: 04/Jan/2020:08:41:43 +0000
+      Meta:
+        http_path: /login.php
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 52.59.61.4
+finalresults:
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: nginx
+    process: true
+  Parsed:
+    body_bytes_sent: "522"
+    http_referer: '-'
+    http_user_agent: Go-http-client/1.1
+    http_version: "1.1"
+    message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
+    program: nginx
+    remote_addr: 5.5.8.5
+    remote_user: '-'
+    request: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo
+    status: "404"
+    target_fqdn: ""
+    time_local: 04/Jan/2020:07:25:02 +0000
+    verb: GET
+  StrTime: 04/Jan/2020:07:25:02 +0000
+  Process: true
+  Meta:
+    http_path: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo
+    http_status: "404"
+    log_type: http_access-log
+    service: http
+    source_ip: 5.5.8.5
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: nginx
+    process: true
+  Parsed:
+    body_bytes_sent: "0"
+    http_referer: '-'
+    http_user_agent: '-'
+    http_version: "1.1"
+    message: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-"
+    program: nginx
+    remote_addr: 2.30.19.10
+    remote_user: '-'
+    request: /
+    status: "400"
+    target_fqdn: ""
+    time_local: 04/Jan/2020:08:29:17 +0000
+    verb: GET
+  StrTime: 04/Jan/2020:08:29:17 +0000
+  Process: true
+  Meta:
+    http_path: /
+    http_status: "400"
+    log_type: http_access-log
+    service: http
+    source_ip: 2.30.19.10
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: nginx
+    process: true
+  Parsed:
+    body_bytes_sent: "550"
+    http_referer: '-'
+    http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
+    http_version: "1.1"
+    message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+    program: nginx
+    remote_addr: 52.59.61.4
+    remote_user: '-'
+    request: /index.php/nous-contacter/
+    status: "500"
+    target_fqdn: ""
+    time_local: 04/Jan/2020:08:41:43 +0000
+    verb: GET
+  StrTime: 04/Jan/2020:08:41:43 +0000
+  Process: true
+  Meta:
+    http_path: /index.php/nous-contacter/
+    http_status: "500"
+    log_type: http_access-log
+    service: http
+    source_ip: 52.59.61.4
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: nginx
+    process: true
+  Parsed:
+    body_bytes_sent: "550"
+    http_referer: '-'
+    http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
+    http_version: "1.1"
+    message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+    program: nginx
+    remote_addr: 52.59.61.4
+    remote_user: '-'
+    request: /index.php/nous-contacter/
+    status: "500"
+    target_fqdn: www.mydomain.com
+    time_local: 04/Jan/2020:08:41:43 +0000
+    verb: GET
+  StrTime: 04/Jan/2020:08:41:43 +0000
+  Process: true
+  Meta:
+    http_path: /index.php/nous-contacter/
+    http_status: "500"
+    log_type: http_access-log
+    service: http
+    source_ip: 52.59.61.4
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: nginx
+    process: true
+  Parsed:
+    body_bytes_sent: "550"
+    http_referer: '-'
+    http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
+    http_version: "1.1"
+    message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+    program: nginx
+    remote_addr: 52.59.61.4
+    remote_user: '-'
+    request: /login.php
+    status: "500"
+    target_fqdn: www.mydomain.com
+    time_local: 04/Jan/2020:08:41:43 +0000
+    verb: POST
+  StrTime: 04/Jan/2020:08:41:43 +0000
+  Process: true
+  Meta:
+    http_path: /login.php
+    http_status: "500"
+    log_type: http_access-log
+    service: http
+    source_ip: 52.59.61.4

diff --git a/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/config.yaml
new file mode 100644 (file)
index 0000000..6ab2a47
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/config.yaml
@@ -0,0 +1,8 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+  parsers:
+  - crowdsecurity/postfix-logs

diff --git a/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/parser_input.yaml
new file mode 100644 (file)
index 0000000..a0315d8
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/parser_input.yaml
@@ -0,0 +1,126 @@
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Dec  7 23:23:36 mail postfix/smtpd[21281]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
+    time: 2020-12-11T15:42:01.202977635+01:00
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    facility: ""
+    logsource: syslog
+    message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure'
+    pid: "21281"
+    priority: ""
+    program: postfix/smtpd
+    timestamp: Dec  7 23:23:36
+    timestamp8601: ""
+  Time: 2020-12-11T15:42:01.203091954+01:00
+  StrTime: Dec  7 23:23:36
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Dec  7 23:23:37 mail postfix/smtpd[21281]: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
+    time: 2020-12-11T15:42:01.20315228+01:00
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    facility: ""
+    logsource: syslog
+    message: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
+    pid: "21281"
+    priority: ""
+    program: postfix/smtpd
+    timestamp: Dec  7 23:23:37
+    timestamp8601: ""
+  Time: 2020-12-11T15:42:01.204131843+01:00
+  StrTime: Dec  7 23:23:37
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Dec  7 23:23:38 mail postfix/smtpd[21367]: connect from unknown[45.142.120.90]'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
+    time: 2020-12-11T15:42:01.204190996+01:00
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    facility: ""
+    logsource: syslog
+    message: connect from unknown[45.142.120.90]
+    pid: "21367"
+    priority: ""
+    program: postfix/smtpd
+    timestamp: Dec  7 23:23:38
+    timestamp8601: ""
+  Time: 2020-12-11T15:42:01.204646207+01:00
+  StrTime: Dec  7 23:23:38
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Dec  7 23:23:40 mail postfix/smtpd[21207]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
+    time: 2020-12-11T15:42:01.204713425+01:00
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    facility: ""
+    logsource: syslog
+    message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure'
+    pid: "21207"
+    priority: ""
+    program: postfix/smtpd
+    timestamp: Dec  7 23:23:40
+    timestamp8601: ""
+  Time: 2020-12-11T15:42:01.205068464+01:00
+  StrTime: Dec  7 23:23:40
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Dec  7 23:23:40 mail postfix/smtpd[21207]: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
+    time: 2020-12-11T15:42:01.205128018+01:00
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    facility: ""
+    logsource: syslog
+    message: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
+    pid: "21207"
+    priority: ""
+    program: postfix/smtpd
+    timestamp: Dec  7 23:23:40
+    timestamp8601: ""
+  Time: 2020-12-11T15:42:01.205401321+01:00
+  StrTime: Dec  7 23:23:40
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Dec  7 23:23:41 mail postfix/smtpd[21260]: connect from unknown[45.142.120.90]'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
+    time: 2020-12-11T15:42:01.205470513+01:00
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    facility: ""
+    logsource: syslog
+    message: connect from unknown[45.142.120.90]
+    pid: "21260"
+    priority: ""
+    program: postfix/smtpd
+    timestamp: Dec  7 23:23:41
+    timestamp8601: ""
+  Time: 2020-12-11T15:42:01.205699752+01:00
+  StrTime: Dec  7 23:23:41
+  Process: true

diff --git a/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/parser_results.yaml
new file mode 100644 (file)
index 0000000..4cf731b
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/parser_results.yaml
@@ -0,0 +1,266 @@
+provisionalresults:
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/postfix-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec  7 23:23:36 mail postfix/smtpd[21281]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure'
+        message_failure: ' authentication failure'
+        pid: "21281"
+        priority: ""
+        program: postfix/smtpd
+        remote_addr: 45.142.120.90
+        remote_host: unknown
+        timestamp: Dec  7 23:23:36
+        timestamp8601: ""
+      StrTime: Dec  7 23:23:36
+      Meta:
+        log_type: postfix
+        log_type_enh: spam-attempt
+        service: postfix
+        source_hostname: unknown
+        source_ip: 45.142.120.90
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec  7 23:23:36 mail postfix/smtpd[21281]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure'
+        message_failure: ' authentication failure'
+        pid: "21281"
+        priority: ""
+        program: postfix/smtpd
+        remote_addr: 45.142.120.90
+        remote_host: unknown
+        timestamp: Dec  7 23:23:36
+        timestamp8601: ""
+      StrTime: Dec  7 23:23:36
+      Meta:
+        log_type: postfix
+        log_type_enh: spam-attempt
+        service: postfix
+        source_hostname: unknown
+        source_ip: 45.142.120.90
+- s00-raw: {}
+  s01-parse: {}
+- s00-raw: {}
+  s01-parse: {}
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/postfix-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec  7 23:23:40 mail postfix/smtpd[21207]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure'
+        message_failure: ' authentication failure'
+        pid: "21207"
+        priority: ""
+        program: postfix/smtpd
+        remote_addr: 45.142.120.90
+        remote_host: unknown
+        timestamp: Dec  7 23:23:40
+        timestamp8601: ""
+      StrTime: Dec  7 23:23:40
+      Meta:
+        log_type: postfix
+        log_type_enh: spam-attempt
+        service: postfix
+        source_hostname: unknown
+        source_ip: 45.142.120.90
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Dec  7 23:23:40 mail postfix/smtpd[21207]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure'
+        message_failure: ' authentication failure'
+        pid: "21207"
+        priority: ""
+        program: postfix/smtpd
+        remote_addr: 45.142.120.90
+        remote_host: unknown
+        timestamp: Dec  7 23:23:40
+        timestamp8601: ""
+      StrTime: Dec  7 23:23:40
+      Meta:
+        log_type: postfix
+        log_type_enh: spam-attempt
+        service: postfix
+        source_hostname: unknown
+        source_ip: 45.142.120.90
+- s00-raw: {}
+  s01-parse: {}
+- s00-raw: {}
+  s01-parse: {}
+finalresults:
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec  7 23:23:36 mail postfix/smtpd[21281]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    facility: ""
+    logsource: syslog
+    message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure'
+    message_failure: ' authentication failure'
+    pid: "21281"
+    priority: ""
+    program: postfix/smtpd
+    remote_addr: 45.142.120.90
+    remote_host: unknown
+    timestamp: Dec  7 23:23:36
+    timestamp8601: ""
+  StrTime: Dec  7 23:23:36
+  Process: true
+  Meta:
+    log_type: postfix
+    log_type_enh: spam-attempt
+    service: postfix
+    source_hostname: unknown
+    source_ip: 45.142.120.90
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Dec  7 23:23:37 mail postfix/smtpd[21281]: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    facility: ""
+    logsource: syslog
+    message: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
+    pid: "21281"
+    priority: ""
+    program: postfix/smtpd
+    timestamp: Dec  7 23:23:37
+    timestamp8601: ""
+  StrTime: Dec  7 23:23:37
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Dec  7 23:23:38 mail postfix/smtpd[21367]: connect from unknown[45.142.120.90]'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    facility: ""
+    logsource: syslog
+    message: connect from unknown[45.142.120.90]
+    pid: "21367"
+    priority: ""
+    program: postfix/smtpd
+    timestamp: Dec  7 23:23:38
+    timestamp8601: ""
+  StrTime: Dec  7 23:23:38
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Dec  7 23:23:40 mail postfix/smtpd[21207]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    facility: ""
+    logsource: syslog
+    message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure'
+    message_failure: ' authentication failure'
+    pid: "21207"
+    priority: ""
+    program: postfix/smtpd
+    remote_addr: 45.142.120.90
+    remote_host: unknown
+    timestamp: Dec  7 23:23:40
+    timestamp8601: ""
+  StrTime: Dec  7 23:23:40
+  Process: true
+  Meta:
+    log_type: postfix
+    log_type_enh: spam-attempt
+    service: postfix
+    source_hostname: unknown
+    source_ip: 45.142.120.90
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Dec  7 23:23:40 mail postfix/smtpd[21207]: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    facility: ""
+    logsource: syslog
+    message: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
+    pid: "21207"
+    priority: ""
+    program: postfix/smtpd
+    timestamp: Dec  7 23:23:40
+    timestamp8601: ""
+  StrTime: Dec  7 23:23:40
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Dec  7 23:23:41 mail postfix/smtpd[21260]: connect from unknown[45.142.120.90]'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    facility: ""
+    logsource: syslog
+    message: connect from unknown[45.142.120.90]
+    pid: "21260"
+    priority: ""
+    program: postfix/smtpd
+    timestamp: Dec  7 23:23:41
+    timestamp8601: ""
+  StrTime: Dec  7 23:23:41

diff --git a/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/config.yaml
new file mode 100644 (file)
index 0000000..b80efea
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/config.yaml
@@ -0,0 +1,8 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+  parsers:
+  - crowdsecurity/postscreen-logs

diff --git a/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/parser_input.yaml
new file mode 100644 (file)
index 0000000..5bfebb9
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/parser_input.yaml
@@ -0,0 +1,21 @@
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Oct 25 04:24:59 test postfix/postscreen[22244]: PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/postscreen.log
+    time: 2020-12-11T15:42:01.202977635+01:00
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    facility: ""
+    logsource: syslog
+    message: 'PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n'
+    pid: "22244"
+    priority: ""
+    program: postfix/postscreen
+    timestamp: Dec  7 23:23:36
+    timestamp8601: ""
+  Time: 2020-12-11T15:42:01.203091954+01:00
+  StrTime: Dec  7 23:23:36
+  Process: true

diff --git a/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/parser_results.yaml
new file mode 100644 (file)
index 0000000..a073f3b
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/parser_results.yaml
@@ -0,0 +1,95 @@
+provisionalresults:
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/postscreen-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Oct 25 04:24:59 test postfix/postscreen[22244]: PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/postscreen.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        count: "16"
+        facility: ""
+        logsource: syslog
+        message: 'PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n'
+        message_attempt: EHLO 127.0.0.1\r\n
+        pid: "22244"
+        port: "41323"
+        pregreet: PREGREET
+        priority: ""
+        program: postfix/postscreen
+        remote_addr: 177.154.236.182
+        time_attempt: "2.6"
+        timestamp: Dec  7 23:23:36
+        timestamp8601: ""
+      StrTime: Dec  7 23:23:36
+      Meta:
+        pregreet: PREGREET
+        service: postscreen
+        source_ip: 177.154.236.182
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Oct 25 04:24:59 test postfix/postscreen[22244]: PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/postscreen.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        count: "16"
+        facility: ""
+        logsource: syslog
+        message: 'PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n'
+        message_attempt: EHLO 127.0.0.1\r\n
+        pid: "22244"
+        port: "41323"
+        pregreet: PREGREET
+        priority: ""
+        program: postfix/postscreen
+        remote_addr: 177.154.236.182
+        time_attempt: "2.6"
+        timestamp: Dec  7 23:23:36
+        timestamp8601: ""
+      StrTime: Dec  7 23:23:36
+      Meta:
+        pregreet: PREGREET
+        service: postscreen
+        source_ip: 177.154.236.182
+finalresults:
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Oct 25 04:24:59 test postfix/postscreen[22244]: PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/postscreen.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    count: "16"
+    facility: ""
+    logsource: syslog
+    message: 'PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n'
+    message_attempt: EHLO 127.0.0.1\r\n
+    pid: "22244"
+    port: "41323"
+    pregreet: PREGREET
+    priority: ""
+    program: postfix/postscreen
+    remote_addr: 177.154.236.182
+    time_attempt: "2.6"
+    timestamp: Dec  7 23:23:36
+    timestamp8601: ""
+  StrTime: Dec  7 23:23:36
+  Process: true
+  Meta:
+    pregreet: PREGREET
+    service: postscreen
+    source_ip: 177.154.236.182

diff --git a/parsers/s01-parse/crowdsecurity/.tests/smb-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/smb-logs/config.yaml
new file mode 100644 (file)
index 0000000..1c11587
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/smb-logs/config.yaml
@@ -0,0 +1,8 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+  parsers:
+  - crowdsecurity/smb-logs

diff --git a/parsers/s01-parse/crowdsecurity/.tests/smb-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/smb-logs/parser_input.yaml
new file mode 100644 (file)
index 0000000..3d55572
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/smb-logs/parser_input.yaml
@@ -0,0 +1,29 @@
+- ExpectMode: 1
+  Stage: s01-parse
+  Parsed:
+    facility: ""
+    logsource: syslog
+    message: "Auth: [SMB2,(null)] user []\\[hp] at [Fri, 18 Dec 2020 02:49:33.333790 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [] remote host [ipv4:14.181.129.111:62493] mapped to []\\[hp]. local host [ipv4:172.18.0.3:445] #015"
+    pid: "8421"
+    priority: ""
+    program: smb
+    timestamp: Nov 10 15:01:29
+    timestamp8601: ""
+  Time: 2020-12-11T13:05:46.765680868+01:00
+  StrTime: Nov 10 15:01:29
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Parsed:
+    facility: ""
+    logsource: syslog
+    message: "Auth: [SMB2,(null)] user [domainname]\\[rcbiwx] at [Sat, 14 Nov 2020 06:52:41.882477 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [LOCALPCNAME] remote host [ipv4:180.252.252.57:55492] mapped to [domainname]\\[rcbiwx]. local host [ipv4:172.18.0.3:445] #015"
+    pid: "8421"
+    priority: ""
+    program: smb
+    timestamp: Nov 10 15:01:29
+    timestamp8601: ""
+  Time: 2020-12-11T13:05:46.765680868+01:00
+  StrTime: Nov 10 15:01:29
+  Process: true
+

diff --git a/parsers/s01-parse/crowdsecurity/.tests/smb-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/smb-logs/parser_results.yaml
new file mode 100644 (file)
index 0000000..5cde0bc
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/smb-logs/parser_results.yaml
@@ -0,0 +1,128 @@
+provisionalresults:
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/smb-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Parsed:
+        facility: ""
+        ip_source: 14.181.129.111
+        logsource: syslog
+        message: 'Auth: [SMB2,(null)] user []\[hp] at [Fri, 18 Dec 2020 02:49:33.333790 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [] remote host [ipv4:14.181.129.111:62493] mapped to []\[hp]. local host [ipv4:172.18.0.3:445] #015'
+        pid: "8421"
+        priority: ""
+        program: smb
+        smb_domain: ""
+        timestamp: Nov 10 15:01:29
+        timestamp8601: ""
+        user: hp
+      StrTime: Nov 10 15:01:29
+      Meta:
+        log_type: smb_failed_auth
+        source_ip: 14.181.129.111
+        user: hp
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Parsed:
+        facility: ""
+        ip_source: 14.181.129.111
+        logsource: syslog
+        message: 'Auth: [SMB2,(null)] user []\[hp] at [Fri, 18 Dec 2020 02:49:33.333790 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [] remote host [ipv4:14.181.129.111:62493] mapped to []\[hp]. local host [ipv4:172.18.0.3:445] #015'
+        pid: "8421"
+        priority: ""
+        program: smb
+        smb_domain: ""
+        timestamp: Nov 10 15:01:29
+        timestamp8601: ""
+        user: hp
+      StrTime: Nov 10 15:01:29
+      Meta:
+        log_type: smb_failed_auth
+        source_ip: 14.181.129.111
+        user: hp
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/smb-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Parsed:
+        facility: ""
+        ip_source: 180.252.252.57
+        logsource: syslog
+        message: 'Auth: [SMB2,(null)] user [domainname]\[rcbiwx] at [Sat, 14 Nov 2020 06:52:41.882477 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [LOCALPCNAME] remote host [ipv4:180.252.252.57:55492] mapped to [domainname]\[rcbiwx]. local host [ipv4:172.18.0.3:445] #015'
+        pid: "8421"
+        priority: ""
+        program: smb
+        smb_domain: domainname
+        timestamp: Nov 10 15:01:29
+        timestamp8601: ""
+        user: rcbiwx
+      StrTime: Nov 10 15:01:29
+      Meta:
+        log_type: smb_failed_auth
+        source_ip: 180.252.252.57
+        user: rcbiwx
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Parsed:
+        facility: ""
+        ip_source: 180.252.252.57
+        logsource: syslog
+        message: 'Auth: [SMB2,(null)] user [domainname]\[rcbiwx] at [Sat, 14 Nov 2020 06:52:41.882477 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [LOCALPCNAME] remote host [ipv4:180.252.252.57:55492] mapped to [domainname]\[rcbiwx]. local host [ipv4:172.18.0.3:445] #015'
+        pid: "8421"
+        priority: ""
+        program: smb
+        smb_domain: domainname
+        timestamp: Nov 10 15:01:29
+        timestamp8601: ""
+        user: rcbiwx
+      StrTime: Nov 10 15:01:29
+      Meta:
+        log_type: smb_failed_auth
+        source_ip: 180.252.252.57
+        user: rcbiwx
+finalresults:
+- ExpectMode: 1
+  Stage: s02-enrich
+  Parsed:
+    facility: ""
+    ip_source: 14.181.129.111
+    logsource: syslog
+    message: 'Auth: [SMB2,(null)] user []\[hp] at [Fri, 18 Dec 2020 02:49:33.333790 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [] remote host [ipv4:14.181.129.111:62493] mapped to []\[hp]. local host [ipv4:172.18.0.3:445] #015'
+    pid: "8421"
+    priority: ""
+    program: smb
+    smb_domain: ""
+    timestamp: Nov 10 15:01:29
+    timestamp8601: ""
+    user: hp
+  StrTime: Nov 10 15:01:29
+  Process: true
+  Meta:
+    log_type: smb_failed_auth
+    source_ip: 14.181.129.111
+    user: hp
+- ExpectMode: 1
+  Stage: s02-enrich
+  Parsed:
+    facility: ""
+    ip_source: 180.252.252.57
+    logsource: syslog
+    message: 'Auth: [SMB2,(null)] user [domainname]\[rcbiwx] at [Sat, 14 Nov 2020 06:52:41.882477 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [LOCALPCNAME] remote host [ipv4:180.252.252.57:55492] mapped to [domainname]\[rcbiwx]. local host [ipv4:172.18.0.3:445] #015'
+    pid: "8421"
+    priority: ""
+    program: smb
+    smb_domain: domainname
+    timestamp: Nov 10 15:01:29
+    timestamp8601: ""
+    user: rcbiwx
+  StrTime: Nov 10 15:01:29
+  Process: true
+  Meta:
+    log_type: smb_failed_auth
+    source_ip: 180.252.252.57
+    user: rcbiwx

diff --git a/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/config.yaml
new file mode 100644 (file)
index 0000000..1c435ba
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/config.yaml
@@ -0,0 +1,8 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+  parsers:
+  - crowdsecurity/sshd-logs

diff --git a/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/parser_input.yaml
new file mode 100644 (file)
index 0000000..9a5ecc1
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/parser_input.yaml
@@ -0,0 +1,21 @@
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Nov 10 15:01:29 host sshd[8421]: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/sshd-logs/auth.log
+    time: 2020-12-11T13:05:46.765615945+01:00
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    facility: ""
+    logsource: syslog
+    message: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2
+    pid: "8421"
+    priority: ""
+    program: sshd
+    timestamp: Nov 10 15:01:29
+    timestamp8601: ""
+  Time: 2020-12-11T13:05:46.765680868+01:00
+  StrTime: Nov 10 15:01:29
+  Process: true

diff --git a/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/parser_results.yaml
new file mode 100644 (file)
index 0000000..fdd4a1c
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/parser_results.yaml
@@ -0,0 +1,92 @@
+provisionalresults:
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/sshd-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Nov 10 15:01:29 host sshd[8421]: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/sshd-logs/auth.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2
+        pid: "8421"
+        priority: ""
+        program: sshd
+        sshd_client_ip: 1.1.1.1
+        sshd_invalid_user: test_ftp
+        sshd_port: "38140"
+        sshd_protocol: ssh2
+        timestamp: Nov 10 15:01:29
+        timestamp8601: ""
+      StrTime: Nov 10 15:01:29
+      Meta:
+        log_type: ssh_failed-auth
+        service: ssh
+        source_ip: 1.1.1.1
+        target_user: test_ftp
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Nov 10 15:01:29 host sshd[8421]: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/sshd-logs/auth.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: syslog
+        process: true
+      Parsed:
+        facility: ""
+        logsource: syslog
+        message: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2
+        pid: "8421"
+        priority: ""
+        program: sshd
+        sshd_client_ip: 1.1.1.1
+        sshd_invalid_user: test_ftp
+        sshd_port: "38140"
+        sshd_protocol: ssh2
+        timestamp: Nov 10 15:01:29
+        timestamp8601: ""
+      StrTime: Nov 10 15:01:29
+      Meta:
+        log_type: ssh_failed-auth
+        service: ssh
+        source_ip: 1.1.1.1
+        target_user: test_ftp
+finalresults:
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Nov 10 15:01:29 host sshd[8421]: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/sshd-logs/auth.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: syslog
+    process: true
+  Parsed:
+    facility: ""
+    logsource: syslog
+    message: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2
+    pid: "8421"
+    priority: ""
+    program: sshd
+    sshd_client_ip: 1.1.1.1
+    sshd_invalid_user: test_ftp
+    sshd_port: "38140"
+    sshd_protocol: ssh2
+    timestamp: Nov 10 15:01:29
+    timestamp8601: ""
+  StrTime: Nov 10 15:01:29
+  Process: true
+  Meta:
+    log_type: ssh_failed-auth
+    service: ssh
+    source_ip: 1.1.1.1
+    target_user: test_ftp

diff --git a/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/config.yaml
new file mode 100644 (file)
index 0000000..2438efb
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/config.yaml
@@ -0,0 +1,8 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+  parsers:
+  - crowdsecurity/tcpdump-logs

diff --git a/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/parser_input.yaml
new file mode 100644 (file)
index 0000000..04e6db4
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/parser_input.yaml
@@ -0,0 +1,56 @@
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log
+    time: 2020-12-14T12:36:58.747752499+01:00
+    Labels:
+      type: tcpdump
+    process: true
+  Parsed:
+    message: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0'
+    program: tcpdump
+  Time: 2020-12-14T12:36:58.747773278+01:00
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log
+    time: 2020-12-14T12:36:58.747765613+01:00
+    Labels:
+      type: tcpdump
+    process: true
+  Parsed:
+    message: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0'
+    program: tcpdump
+  Time: 2020-12-14T12:36:58.748136463+01:00
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log
+    time: 2020-12-14T12:36:58.748206125+01:00
+    Labels:
+      type: tcpdump
+    process: true
+  Parsed:
+    message: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0'
+    program: tcpdump
+  Time: 2020-12-14T12:36:58.748274143+01:00
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log
+    time: 2020-12-14T12:36:58.748363662+01:00
+    Labels:
+      type: tcpdump
+    process: true
+  Parsed:
+    message: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0'
+    program: tcpdump
+  Time: 2020-12-14T12:36:58.748402655+01:00
+  Process: true

diff --git a/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/parser_results.yaml
new file mode 100644 (file)
index 0000000..e118804
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/parser_results.yaml
@@ -0,0 +1,326 @@
+provisionalresults:
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/tcpdump-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: tcpdump
+        process: true
+      Parsed:
+        dest_ip: 172.1.2.3
+        dest_port: "22"
+        message: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0'
+        new_connection: "true"
+        program: tcpdump
+        source_ip: 1.2.3.4
+        source_port: "43436"
+        tcpflags: S
+        timestamp: "11:29:42.550475"
+      Meta:
+        dest_ip: 172.1.2.3
+        dest_port: "22"
+        log_type: tcp_syn
+        service: tcp
+        source_ip: 1.2.3.4
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: tcpdump
+        process: true
+      Parsed:
+        dest_ip: 172.1.2.3
+        dest_port: "22"
+        message: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0'
+        new_connection: "true"
+        program: tcpdump
+        source_ip: 1.2.3.4
+        source_port: "43436"
+        tcpflags: S
+        timestamp: "11:29:42.550475"
+      Meta:
+        dest_ip: 172.1.2.3
+        dest_port: "22"
+        log_type: tcp_syn
+        service: tcp
+        source_ip: 1.2.3.4
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/tcpdump-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: tcpdump
+        process: true
+      Parsed:
+        dest_ip: 1.2.3.4
+        dest_port: "43436"
+        message: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0'
+        new_connection: "true"
+        program: tcpdump
+        source_ip: 172.1.2.3
+        source_port: "22"
+        tcpflags: S.
+        timestamp: "11:29:42.550554"
+      Meta:
+        dest_ip: 1.2.3.4
+        dest_port: "43436"
+        log_type: tcp_syn
+        service: tcp
+        source_ip: 172.1.2.3
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: tcpdump
+        process: true
+      Parsed:
+        dest_ip: 1.2.3.4
+        dest_port: "43436"
+        message: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0'
+        new_connection: "true"
+        program: tcpdump
+        source_ip: 172.1.2.3
+        source_port: "22"
+        tcpflags: S.
+        timestamp: "11:29:42.550554"
+      Meta:
+        dest_ip: 1.2.3.4
+        dest_port: "43436"
+        log_type: tcp_syn
+        service: tcp
+        source_ip: 172.1.2.3
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/tcpdump-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: tcpdump
+        process: true
+      Parsed:
+        dest_ip: 172.1.2.3
+        dest_port: "22"
+        message: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0'
+        new_connection: "true"
+        program: tcpdump
+        source_ip: 4.3.2.1
+        source_port: "21803"
+        tcpflags: S
+        timestamp: "11:31:20.553633"
+      Meta:
+        dest_ip: 172.1.2.3
+        dest_port: "22"
+        log_type: tcp_syn
+        service: tcp
+        source_ip: 4.3.2.1
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: tcpdump
+        process: true
+      Parsed:
+        dest_ip: 172.1.2.3
+        dest_port: "22"
+        message: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0'
+        new_connection: "true"
+        program: tcpdump
+        source_ip: 4.3.2.1
+        source_port: "21803"
+        tcpflags: S
+        timestamp: "11:31:20.553633"
+      Meta:
+        dest_ip: 172.1.2.3
+        dest_port: "22"
+        log_type: tcp_syn
+        service: tcp
+        source_ip: 4.3.2.1
+- s00-raw: {}
+  s01-parse:
+    crowdsecurity/tcpdump-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: tcpdump
+        process: true
+      Parsed:
+        dest_ip: 4.3.2.1
+        dest_port: "21803"
+        message: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0'
+        new_connection: "true"
+        program: tcpdump
+        source_ip: 172.1.2.3
+        source_port: "22"
+        tcpflags: S.
+        timestamp: "11:31:20.553713"
+      Meta:
+        dest_ip: 4.3.2.1
+        dest_port: "21803"
+        log_type: tcp_syn
+        service: tcp
+        source_ip: 172.1.2.3
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: tcpdump
+        process: true
+      Parsed:
+        dest_ip: 4.3.2.1
+        dest_port: "21803"
+        message: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0'
+        new_connection: "true"
+        program: tcpdump
+        source_ip: 172.1.2.3
+        source_port: "22"
+        tcpflags: S.
+        timestamp: "11:31:20.553713"
+      Meta:
+        dest_ip: 4.3.2.1
+        dest_port: "21803"
+        log_type: tcp_syn
+        service: tcp
+        source_ip: 172.1.2.3
+finalresults:
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: tcpdump
+    process: true
+  Parsed:
+    dest_ip: 172.1.2.3
+    dest_port: "22"
+    message: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0'
+    new_connection: "true"
+    program: tcpdump
+    source_ip: 1.2.3.4
+    source_port: "43436"
+    tcpflags: S
+    timestamp: "11:29:42.550475"
+  Process: true
+  Meta:
+    dest_ip: 172.1.2.3
+    dest_port: "22"
+    log_type: tcp_syn
+    service: tcp
+    source_ip: 1.2.3.4
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: tcpdump
+    process: true
+  Parsed:
+    dest_ip: 1.2.3.4
+    dest_port: "43436"
+    message: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0'
+    new_connection: "true"
+    program: tcpdump
+    source_ip: 172.1.2.3
+    source_port: "22"
+    tcpflags: S.
+    timestamp: "11:29:42.550554"
+  Process: true
+  Meta:
+    dest_ip: 1.2.3.4
+    dest_port: "43436"
+    log_type: tcp_syn
+    service: tcp
+    source_ip: 172.1.2.3
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: tcpdump
+    process: true
+  Parsed:
+    dest_ip: 172.1.2.3
+    dest_port: "22"
+    message: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0'
+    new_connection: "true"
+    program: tcpdump
+    source_ip: 4.3.2.1
+    source_port: "21803"
+    tcpflags: S
+    timestamp: "11:31:20.553633"
+  Process: true
+  Meta:
+    dest_ip: 172.1.2.3
+    dest_port: "22"
+    log_type: tcp_syn
+    service: tcp
+    source_ip: 4.3.2.1
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: tcpdump
+    process: true
+  Parsed:
+    dest_ip: 4.3.2.1
+    dest_port: "21803"
+    message: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0'
+    new_connection: "true"
+    program: tcpdump
+    source_ip: 172.1.2.3
+    source_port: "22"
+    tcpflags: S.
+    timestamp: "11:31:20.553713"
+  Process: true
+  Meta:
+    dest_ip: 4.3.2.1
+    dest_port: "21803"
+    log_type: tcp_syn
+    service: tcp
+    source_ip: 172.1.2.3

diff --git a/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/config.yaml
new file mode 100644 (file)
index 0000000..2e6cf67
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/config.yaml
@@ -0,0 +1,9 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+  parsers:
+  - crowdsecurity/vsftpd-logs

diff --git a/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/parser_input.yaml
new file mode 100644 (file)
index 0000000..458f837
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/parser_input.yaml
@@ -0,0 +1,42 @@
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Mon Jun 8 12:08:44 2020 [pid 27245] CONNECT: Client "::ffff:93.24.101.89"'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log
+    time: 2020-12-11T13:08:30.633357386+01:00
+    Labels:
+      type: vsftpd
+    process: true
+  Parsed:
+    message: 'Mon Jun 8 12:08:44 2020 [pid 27245] CONNECT: Client "::ffff:93.24.101.89"'
+    program: vsftpd
+  Time: 2020-12-11T13:08:30.633416929+01:00
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log
+    time: 2020-12-11T13:08:30.633484186+01:00
+    Labels:
+      type: vsftpd
+    process: true
+  Parsed:
+    message: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"'
+    program: vsftpd
+  Time: 2020-12-11T13:08:30.633866712+01:00
+  Process: true
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Mon Jun 8 12:12:43 2020 [pid 27307] [ubuntu] OK LOGIN: Client "::ffff:93.24.101.89"'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log
+    time: 2020-12-11T13:08:30.633938989+01:00
+    Labels:
+      type: vsftpd
+    process: true
+  Parsed:
+    message: 'Mon Jun 8 12:12:43 2020 [pid 27307] [ubuntu] OK LOGIN: Client "::ffff:93.24.101.89"'
+    program: vsftpd
+  Time: 2020-12-11T13:08:30.634181739+01:00
+  Process: true

diff --git a/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/parser_results.yaml
new file mode 100644 (file)
index 0000000..98891a6
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/parser_results.yaml
@@ -0,0 +1,99 @@
+provisionalresults:
+- s00-raw: {}
+  s01-parse: {}
+- s00-raw: {}
+  s01-parse:
+    vsftpd-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: vsftpd
+        process: true
+      Parsed:
+        message: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"'
+        program: vsftpd
+        source_ip: 93.24.101.89
+        timestamp: Mon Jun 8 12:08:53 2020
+        user: user
+      StrTime: Mon Jun 8 12:08:53 2020
+      Meta:
+        log_type: ftp_failed_auth
+        program: vsftpd
+        source_ip: 93.24.101.89
+        user: user
+  s02-enrich:
+    "":
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"'
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: vsftpd
+        process: true
+      Parsed:
+        message: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"'
+        program: vsftpd
+        source_ip: 93.24.101.89
+        timestamp: Mon Jun 8 12:08:53 2020
+        user: user
+      StrTime: Mon Jun 8 12:08:53 2020
+      Meta:
+        log_type: ftp_failed_auth
+        program: vsftpd
+        source_ip: 93.24.101.89
+        user: user
+- s00-raw: {}
+  s01-parse: {}
+finalresults:
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Mon Jun 8 12:08:44 2020 [pid 27245] CONNECT: Client "::ffff:93.24.101.89"'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: vsftpd
+    process: true
+  Parsed:
+    message: 'Mon Jun 8 12:08:44 2020 [pid 27245] CONNECT: Client "::ffff:93.24.101.89"'
+    program: vsftpd
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: vsftpd
+    process: true
+  Parsed:
+    message: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"'
+    program: vsftpd
+    source_ip: 93.24.101.89
+    timestamp: Mon Jun 8 12:08:53 2020
+    user: user
+  StrTime: Mon Jun 8 12:08:53 2020
+  Process: true
+  Meta:
+    log_type: ftp_failed_auth
+    program: vsftpd
+    source_ip: 93.24.101.89
+    user: user
+- ExpectMode: 1
+  Stage: s01-parse
+  Line:
+    Raw: 'Mon Jun 8 12:12:43 2020 [pid 27307] [ubuntu] OK LOGIN: Client "::ffff:93.24.101.89"'
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: vsftpd
+    process: true
+  Parsed:
+    message: 'Mon Jun 8 12:12:43 2020 [pid 27307] [ubuntu] OK LOGIN: Client "::ffff:93.24.101.89"'
+    program: vsftpd

diff --git a/parsers/s01-parse/crowdsecurity/apache2-logs.md b/parsers/s01-parse/crowdsecurity/apache2-logs.md
new file mode 100644 (file)
index 0000000..bbd8ae7
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/apache2-logs.md
@@ -0,0 +1,3 @@
+This apache2 parser support access and error logs in the HTTPD COMBINED LOG standard format.
+
+*note : * If you are aggregating logs from several domains, prefix your logline with the target FQDN. HTTP based scenarios should take this into account so that buckets are _per_ source IP per target FQDN, limiting false positives due to logs multiplexing.

diff --git a/parsers/s01-parse/crowdsecurity/apache2-logs.yaml b/parsers/s01-parse/crowdsecurity/apache2-logs.yaml
new file mode 100644 (file)
index 0000000..1a32eb2
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/apache2-logs.yaml
@@ -0,0 +1,74 @@
+#Apache access/errors logs
+#debug: true
+filter: "evt.Parsed.program startsWith 'apache2'"
+onsuccess: next_stage
+name: crowdsecurity/apache2-logs
+description: "Parse Apache2 access and error logs"
+#log line can be prefixed by a target_fqdn
+nodes:
+  - grok:
+      pattern: '(%{IPORHOST:target_fqdn} )?%{COMMONAPACHELOG} %{QS:referrer} %{QS:http_user_agent}'
+      apply_on: message
+      # these ones apply for both grok patterns
+      statics:
+        - meta: log_type
+          value: http_access-log
+        - target: evt.StrTime
+          expression: evt.Parsed.timestamp
+        - meta: service
+          value: http
+        - meta: source_ip
+          expression: evt.Parsed.clientip
+        - meta: http_status
+          expression: evt.Parsed.response
+        - meta: http_path
+          expression: evt.Parsed.request
+    onsuccess: next_stage
+  - grok:
+      pattern: '%{HTTPD_ERRORLOG}'
+      apply_on: message
+    onsuccess: next_stage
+    pattern_syntax:
+      NOT_DOUBLE_POINT: '[^:]+'
+      NOT_DOUBLE_QUOTE: '[^"]+'    
+    nodes:
+      - filter: "evt.Parsed.module == 'auth_basic'"
+        onsuccess: next_stage
+        pattern_syntax:
+          EXTRACT_USER_AND_PATH: 'user %{NOT_DOUBLE_POINT:username}: authentication failure for "%{NOT_DOUBLE_QUOTE:target_uri}": Password Mismatch'
+        grok:
+          pattern: '%{EXTRACT_USER_AND_PATH}'
+          apply_on: message
+          # these ones apply for both grok patterns
+        statics:
+          - meta: username
+            expression: evt.Parsed.username
+          - meta: http_path
+            expression: evt.Parsed.target_uri
+          - meta: sub_type
+            value: "auth_fail"
+      - filter: "evt.Parsed.module == 'authz_core' && evt.Parsed.message contains 'client denied'"
+        onsuccess: next_stage
+        pattern_syntax:
+          EXTRACT_PATH: 'client denied by server configuration: %{GREEDYDATA:target_uri}'
+        grok:
+          pattern: '%{EXTRACT_PATH}'
+          apply_on: message
+        statics:
+          - meta: http_path
+            expression: evt.Parsed.target_uri
+          - meta: sub_type
+            value: "permission_denied"
+    statics:
+      - meta: log_type
+        value: http_error-log
+      - target: evt.StrTime
+        expression: evt.Parsed.timestamp
+      - meta: service
+        value: http
+      - meta: source_ip
+        expression: evt.Parsed.client
+      - meta: http_status
+        expression: evt.Parsed.response
+
+      
\ No newline at end of file

diff --git a/parsers/s01-parse/crowdsecurity/cowrie-logs.yaml b/parsers/s01-parse/crowdsecurity/cowrie-logs.yaml
new file mode 100644 (file)
index 0000000..bc4a7ba
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/cowrie-logs.yaml
@@ -0,0 +1,20 @@
+onsuccess: next_stage
+name: cowrie-logs
+description: "Parse cowrie honeypots logs"
+filter: "evt.Parsed.program == 'cowrie'"
+grok:
+  name: "COWRIE_NEW_CO"
+  apply_on: message
+statics:
+    - meta: service
+      value: telnet
+    - meta: log_type
+      value: telnet_new_session
+    - meta: source_ip
+      expression: "evt.Parsed.source_ip"
+    - meta: dest_ip
+      expression: "evt.Parsed.dest_ip"
+    - meta: dest_port
+      expression: "evt.Parsed.dest_port"
+    - parsed: "telnet_session"
+      expression: "evt.Parsed.telnet_session"
\ No newline at end of file

diff --git a/parsers/s01-parse/crowdsecurity/dovecot-logs.yaml b/parsers/s01-parse/crowdsecurity/dovecot-logs.yaml
new file mode 100644 (file)
index 0000000..333d73e
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/dovecot-logs.yaml
@@ -0,0 +1,14 @@
+#contribution by @ltsich
+onsuccess: next_stage
+debug: false
+filter: "evt.Parsed.program == 'dovecot'"
+name: crowdsecurity/dovecot-logs
+description: "Parse dovecot logs"
+grok:
+  pattern: "%{WORD:protocol}-login: %{DATA:dovecot_login_result}: user=<%{DATA:dovecot_user}>.*, rip=%{IP:dovecot_remote_ip}, lip=%{IP:dovecot_local_ip}"
+  apply_on: message
+statics:
+    - meta: log_type
+      value: dovecot_logs
+    - meta: source_ip
+      expression: "evt.Parsed.dovecot_remote_ip"

diff --git a/parsers/s01-parse/crowdsecurity/iptables-logs.md b/parsers/s01-parse/crowdsecurity/iptables-logs.md
new file mode 100644 (file)
index 0000000..4683bdc
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/iptables-logs.md
@@ -0,0 +1,6 @@
+A parser for iptables `-j LOG` logs.
+
+All logged packets are considered as DROPs.
+
+To make this parser relevant, you should have a `iptables -A INPUT  -m state --state NEW -j LOG` or similar into your configuration. This one will log all new connections, successful or not.
+

diff --git a/parsers/s01-parse/crowdsecurity/iptables-logs.yaml b/parsers/s01-parse/crowdsecurity/iptables-logs.yaml
new file mode 100644 (file)
index 0000000..4cc74f2
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/iptables-logs.yaml
@@ -0,0 +1,16 @@
+onsuccess: next_stage
+#debug: true
+filter: "evt.Parsed.program == 'kernel'"
+name: crowdsecurity/iptables-logs
+description: "Parse iptables drop logs"
+grok:
+  pattern: \[%{DATA}\]+.*(%{WORD:action})? IN=%{WORD:int_eth} OUT= MAC=%{IP}:%{MAC} SRC=%{IP:src_ip} DST=%{IP:dst_ip} LEN=%{INT:length}.*PROTO=%{WORD:proto} SPT=%{INT:src_port} DPT=%{INT:dst_port}.*
+  apply_on: message
+statics:
+    - meta: service
+      value: tcp
+    - meta: log_type
+      value: iptables_drop
+    - meta: source_ip
+      expression: "evt.Parsed.src_ip"
+  
\ No newline at end of file

diff --git a/parsers/s01-parse/crowdsecurity/modsecurity.md b/parsers/s01-parse/crowdsecurity/modsecurity.md
new file mode 100644 (file)
index 0000000..6fa2944
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/modsecurity.md
@@ -0,0 +1,3 @@
+This modsecurity parser support modsecurity logs from apache2 error log.
+
+(Not tested with Nginx yet). 
\ No newline at end of file

diff --git a/parsers/s01-parse/crowdsecurity/modsecurity.yaml b/parsers/s01-parse/crowdsecurity/modsecurity.yaml
new file mode 100644 (file)
index 0000000..01f0f2e
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/modsecurity.yaml
@@ -0,0 +1,13 @@
+onsuccess: next_stage
+filter: evt.Parsed.program == 'modsecurity'
+name: crowdsecurity/modsecurity
+#debug: true
+description: A parser for modsecurity WAF
+grok:
+  name: MODSECAPACHEERROR
+  apply_on: message
+statics:
+  - meta: log_type
+    value: modsecurity
+  - meta: source_ip
+    expression: evt.Parsed.sourcehost

diff --git a/parsers/s01-parse/crowdsecurity/mysql-logs.md b/parsers/s01-parse/crowdsecurity/mysql-logs.md
new file mode 100644 (file)
index 0000000..6304844
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/mysql-logs.md
@@ -0,0 +1 @@
+Mysql authentication fail parser.

diff --git a/parsers/s01-parse/crowdsecurity/mysql-logs.yaml b/parsers/s01-parse/crowdsecurity/mysql-logs.yaml
new file mode 100644 (file)
index 0000000..69a755f
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/mysql-logs.yaml
@@ -0,0 +1,14 @@
+onsuccess: next_stage
+name: crowdsecurity/mysql-logs
+description: "Parse MySQL logs"
+filter: "evt.Parsed.program == 'mysql'"
+grok:
+  name: "MYSQL_AUTH_FAIL"
+  apply_on: message
+statics:
+  - meta: log_type
+    value: mysql_failed_auth
+  - meta: source_ip
+    expression: "evt.Parsed.source_ip"
+  - meta: user
+    expression: "evt.Parsed.user"
\ No newline at end of file

diff --git a/parsers/s01-parse/crowdsecurity/nginx-logs.md b/parsers/s01-parse/crowdsecurity/nginx-logs.md
new file mode 100644 (file)
index 0000000..da43bbb
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/nginx-logs.md
@@ -0,0 +1,5 @@
+A generic parser for nginx, support both access and error logs.
+
+
+*note : * If you are aggregating logs from several domains, prefix your logline with the target FQDN. HTTP based scenarios should take this into account so that buckets are _per_ source IP per target FQDN, limiting false positives due to logs multiplexing.
+

diff --git a/parsers/s01-parse/crowdsecurity/nginx-logs.yaml b/parsers/s01-parse/crowdsecurity/nginx-logs.yaml
new file mode 100644 (file)
index 0000000..5eea4c6
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/nginx-logs.yaml
@@ -0,0 +1,33 @@
+filter: "evt.Parsed.program startsWith 'nginx'"
+onsuccess: next_stage
+#debug: true
+name: crowdsecurity/nginx-logs
+description: "Parse nginx access and error logs"
+nodes:
+  - grok:
+      pattern: '(%{IPORHOST:target_fqdn} )?%{IPORHOST:remote_addr} - %{NGUSER:remote_user} \[%{HTTPDATE:time_local}\] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:http_version}" %{NUMBER:status} %{NUMBER:body_bytes_sent} "%{NOTDQUOTE:http_referer}" "%{NOTDQUOTE:http_user_agent}"'
+      apply_on: message
+      statics:
+        - meta: log_type
+          value: http_access-log
+        - target: evt.StrTime
+          expression: evt.Parsed.time_local
+  - grok:
+        # and this one the error log
+        pattern: '(%{IPORHOST:target_fqdn} )?%{NGINXERRTIME:time} \[%{LOGLEVEL:loglevel}\] %{NONNEGINT:pid}#%{NONNEGINT:tid}: (\*%{NONNEGINT:cid} )?%{GREEDYDATA:message}'
+        apply_on: message
+        statics:
+          - meta: log_type
+            value: http_error-log
+          - target: evt.StrTime
+            expression: evt.Parsed.time
+# these ones apply for both grok patterns
+statics:
+  - meta: service
+    value: http
+  - meta: source_ip
+    expression: "evt.Parsed.remote_addr"
+  - meta: http_status
+    expression: "evt.Parsed.status"
+  - meta: http_path
+    expression: "evt.Parsed.request"
\ No newline at end of file

diff --git a/parsers/s01-parse/crowdsecurity/postfix-logs.yaml b/parsers/s01-parse/crowdsecurity/postfix-logs.yaml
new file mode 100644 (file)
index 0000000..0580a3d
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/postfix-logs.yaml
@@ -0,0 +1,61 @@
+# Copyright (c) 2014, 2015, Rudy Gevaert
+# Copyright (c) 2020 Crowdsec
+
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+# Some of the groks used here are from https://github.com/rgevaert/grok-patterns/blob/master/grok.d/postfix_patterns
+onsuccess: next_stage
+filter: "evt.Parsed.program == 'postfix/smtpd'"
+name: crowdsecurity/postfix-logs
+pattern_syntax:
+  POSTFIX_HOSTNAME: '(%{HOSTNAME}|unknown)'
+  POSTFIX_COMMAND: '(AUTH|STARTTLS|CONNECT|EHLO|HELO|RCPT)'
+  POSTFIX_ACTION: 'discard|dunno|filter|hold|ignore|info|prepend|redirect|replace|reject|warn'
+  RELAY: '(?:%{HOSTNAME:remote_host}(?:\[%{IP:remote_addr}\](?::[0-9]+(.[0-9]+)?)?)?)'
+description: "Parse postfix logs"
+nodes:
+  - grok:
+      apply_on: message
+      pattern: 'lost connection after %{DATA:smtp_response} from %{RELAY}'
+      statics:
+        - meta: log_type_enh
+          value: spam-attempt
+  - grok:
+      apply_on: message
+      pattern: 'warning: %{POSTFIX_HOSTNAME:remote_host}\[%{IP:remote_addr}\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:%{GREEDYDATA:message_failure}'
+      statics:
+        - meta: log_type_enh
+          value: spam-attempt
+  - grok:
+      apply_on: message
+      pattern: 'NOQUEUE: %{POSTFIX_ACTION:action}: %{DATA:command} from %{RELAY}: %{GREEDYDATA:reason}'
+      statics:
+        - meta: action
+          expression: "evt.Parsed.action"        
+statics:
+    - meta: service
+      value: postfix
+    - meta: source_ip
+      expression: "evt.Parsed.remote_addr"
+    - meta: source_hostname
+      expression: "evt.Parsed.remote_host"
+    - meta: log_type
+      value: postfix
+

diff --git a/parsers/s01-parse/crowdsecurity/postscreen-logs.yaml b/parsers/s01-parse/crowdsecurity/postscreen-logs.yaml
new file mode 100644 (file)
index 0000000..83e0404
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/postscreen-logs.yaml
@@ -0,0 +1,20 @@
+onsuccess: next_stage
+filter: "evt.Parsed.program == 'postfix/postscreen'"
+name: crowdsecurity/postscreen-logs
+pattern_syntax:
+  POSTSCREEN_PREGREET: 'PREGREET'
+  POSTSCREEN_PREGREET_TIME_ATTEMPT: '\d+.\d+'
+description: "Parse postscreen logs"
+nodes:
+  - grok:
+      apply_on: message
+      pattern: '%{POSTSCREEN_PREGREET:pregreet} %{INT:count} after %{POSTSCREEN_PREGREET_TIME_ATTEMPT:time_attempt} from \[%{IP:remote_addr}\]:%{INT:port}: %{GREEDYDATA:message_attempt}'
+statics:
+    - meta: service
+      value: postscreen
+    - meta: source_ip
+      expression: "evt.Parsed.remote_addr"
+    - meta: pregreet
+      expression: "evt.Parsed.pregreet"
+
+

diff --git a/parsers/s01-parse/crowdsecurity/smb-logs.yaml b/parsers/s01-parse/crowdsecurity/smb-logs.yaml
new file mode 100644 (file)
index 0000000..98b4a8e
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/smb-logs.yaml
@@ -0,0 +1,14 @@
+onsuccess: next_stage
+name: crowdsecurity/smb-logs
+filter: evt.Parsed.program == 'smb'
+description: "Parse SMB logs"
+grok:
+  name: "SMB_AUTH_FAIL"
+  apply_on: message
+statics:
+  - meta: log_type
+    value: smb_failed_auth
+  - meta: source_ip
+    expression: "evt.Parsed.ip_source"
+  - meta: user
+    expression: "evt.Parsed.user"
\ No newline at end of file

diff --git a/parsers/s01-parse/crowdsecurity/sshd-logs.md b/parsers/s01-parse/crowdsecurity/sshd-logs.md
new file mode 100644 (file)
index 0000000..26ebfcf
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/sshd-logs.md
@@ -0,0 +1,2 @@
+Your one fits-all ssh parser with support for the most common kind of failed authentications and errors.
+

diff --git a/parsers/s01-parse/crowdsecurity/sshd-logs.yaml b/parsers/s01-parse/crowdsecurity/sshd-logs.yaml
new file mode 100644 (file)
index 0000000..0064a9d
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/sshd-logs.yaml
@@ -0,0 +1,36 @@
+onsuccess: next_stage
+filter: "evt.Parsed.program == 'sshd'"
+name: crowdsecurity/sshd-logs
+description: "Parse openSSH logs"
+nodes:
+  - grok:
+      name: "SSHD_FAIL"
+      apply_on: message
+      statics:
+        - meta: target_user
+          expression: "evt.Parsed.sshd_invalid_user"
+  - grok:
+      name: "SSHD_DISC_PREAUTH"
+      apply_on: message
+  - grok:
+      name: "SSHD_BAD_VERSION"
+      apply_on: message
+  - grok:
+      name: "SSHD_INVAL_USER"
+      apply_on: message
+      statics:
+        - meta: target_user
+          expression: "evt.Parsed.sshd_invalid_user"
+  - grok:
+      name: "SSHD_USER_FAIL"
+      apply_on: message
+      statics:
+        - meta: target_user
+          expression: "evt.Parsed.sshd_invalid_user"
+statics:
+    - meta: service
+      value: ssh
+    - meta: log_type
+      value: ssh_failed-auth
+    - meta: source_ip
+      expression: "evt.Parsed.sshd_client_ip"
\ No newline at end of file

diff --git a/parsers/s01-parse/crowdsecurity/tcpdump-logs.md b/parsers/s01-parse/crowdsecurity/tcpdump-logs.md
new file mode 100644 (file)
index 0000000..56dd6d1
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/tcpdump-logs.md
@@ -0,0 +1,25 @@
+A parser for tcpdump logs.
+
+To make this parser relevant, you should have add tcpdump command that log tcp scan :
+
+An example:
+```bash
+cat <<EOF > /etc/systemd/system/tcpdump.service
+[Unit]
+Description=TCPDUMP
+
+[Service]
+Type=simple
+User=root
+ExecStart=/bin/sh -c 'tcpdump -l -n -i eth0 "tcp[tcpflags] & (tcp-syn) != 0" >> /var/log/tcpdump.out'
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable tcpdump.service
+service tcpdump start
+```
+

diff --git a/parsers/s01-parse/crowdsecurity/tcpdump-logs.yaml b/parsers/s01-parse/crowdsecurity/tcpdump-logs.yaml
new file mode 100644 (file)
index 0000000..bbd6528
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/tcpdump-logs.yaml
@@ -0,0 +1,21 @@
+onsuccess: next_stage
+filter: "evt.Parsed.program == 'tcpdump'"
+name: crowdsecurity/tcpdump-logs
+#debug: true
+description: "Parse tcpdump raw logs"
+grok:
+  name: "TCPDUMP_OUTPUT"
+  apply_on: message
+statics:
+    - meta: service
+      value: tcp
+    - meta: log_type
+      value: tcp_syn
+    - meta: source_ip
+      expression: "evt.Parsed.source_ip"
+    - meta: dest_ip
+      expression: "evt.Parsed.dest_ip"
+    - meta: dest_port
+      expression: "evt.Parsed.dest_port"
+    - parsed: "new_connection"
+      expression: "evt.Parsed.tcpflags contains 'S' ? 'true' : 'false'"
\ No newline at end of file

diff --git a/parsers/s01-parse/crowdsecurity/vsftpd-logs.md b/parsers/s01-parse/crowdsecurity/vsftpd-logs.md
new file mode 100644 (file)
index 0000000..ed28593
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/vsftpd-logs.md
@@ -0,0 +1 @@
+FTP ([vsftpd](https://en.wikipedia.org/wiki/Vsftpd)) authentication fail parser.
\ No newline at end of file

diff --git a/parsers/s01-parse/crowdsecurity/vsftpd-logs.yaml b/parsers/s01-parse/crowdsecurity/vsftpd-logs.yaml
new file mode 100644 (file)
index 0000000..0f43188
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/vsftpd-logs.yaml
@@ -0,0 +1,21 @@
+onsuccess: next_stage
+name: vsftpd-logs
+description: "Parse VSFTPD logs"
+filter: "evt.Parsed.program == 'vsftpd'"
+#debug: true
+pattern_syntax:
+  FTP_AUTH_FAIL: '%{HTTPDERROR_DATE:timestamp} \[pid %{NUMBER}\] \[%{GREEDYDATA:user}\] FAIL LOGIN: Client "(::ffff:)?%{IP:source_ip}"'
+grok:
+  pattern: "%{FTP_AUTH_FAIL}"
+  apply_on: message
+statics:
+    - meta: program
+      value: vsftpd
+    - meta: log_type
+      value: ftp_failed_auth
+    - meta: source_ip
+      expression: "evt.Parsed.source_ip"
+    - meta: user
+      expression: "evt.Parsed.user"
+    - target: evt.StrTime
+      expression: evt.Parsed.timestamp
\ No newline at end of file

diff --git a/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/config.yaml b/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/config.yaml
new file mode 100644 (file)
index 0000000..9e6999e
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/config.yaml
@@ -0,0 +1,12 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+
+marshaled_time_year: 2020
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  parsers:
+  - crowdsecurity/dateparse-enrich
+
+  

diff --git a/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/parser_input.yaml b/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/parser_input.yaml
new file mode 100644 (file)
index 0000000..329dcd3
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/parser_input.yaml
@@ -0,0 +1,5 @@
+#these are the events we input into parser
+- StrTime: "08/Jun/2020:06:49:01 +0000"
+- StrTime: "Jun 7 11:17:17"
+- StrTime: "Mon Jun 8 12:08:53 2020"
+- StrTime: "2020-04-16T05:13:40.861934Z"
\ No newline at end of file

diff --git a/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/parser_results.yaml b/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/parser_results.yaml
new file mode 100644 (file)
index 0000000..82f73c1
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/parser_results.yaml
@@ -0,0 +1,86 @@
+provisionalresults:
+- s00-raw:
+    "":
+      Stage: s01-parse
+      StrTime: 08/Jun/2020:06:49:01 +0000
+  s01-parse:
+    "":
+      Stage: s02-enrich
+      StrTime: 08/Jun/2020:06:49:01 +0000
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      Stage: s02-enrich
+      Enriched:
+        MarshaledTime: "2020-06-08T06:49:01Z"
+      StrTime: 08/Jun/2020:06:49:01 +0000
+      MarshaledTime: "2020-06-08T06:49:01Z"
+- s00-raw:
+    "":
+      Stage: s01-parse
+      StrTime: Jun 7 11:17:17
+  s01-parse:
+    "":
+      Stage: s02-enrich
+      StrTime: Jun 7 11:17:17
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      Stage: s02-enrich
+      Enriched:
+        MarshaledTime: "2020-06-07T11:17:17Z"
+      StrTime: Jun 7 11:17:17
+      MarshaledTime: "2020-06-07T11:17:17Z"
+- s00-raw:
+    "":
+      Stage: s01-parse
+      StrTime: Mon Jun 8 12:08:53 2020
+  s01-parse:
+    "":
+      Stage: s02-enrich
+      StrTime: Mon Jun 8 12:08:53 2020
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      Stage: s02-enrich
+      Enriched:
+        MarshaledTime: "2020-06-08T12:08:53Z"
+      StrTime: Mon Jun 8 12:08:53 2020
+      MarshaledTime: "2020-06-08T12:08:53Z"
+- s00-raw:
+    "":
+      Stage: s01-parse
+      StrTime: "2020-04-16T05:13:40.861934Z"
+  s01-parse:
+    "":
+      Stage: s02-enrich
+      StrTime: "2020-04-16T05:13:40.861934Z"
+  s02-enrich:
+    crowdsecurity/dateparse-enrich:
+      Stage: s02-enrich
+      Enriched:
+        MarshaledTime: "2020-04-16T05:13:40.861934Z"
+      StrTime: "2020-04-16T05:13:40.861934Z"
+      MarshaledTime: "2020-04-16T05:13:40.861934Z"
+finalresults:
+- Stage: s02-enrich
+  Enriched:
+    MarshaledTime: "2020-06-08T06:49:01Z"
+  StrTime: 08/Jun/2020:06:49:01 +0000
+  MarshaledTime: "2020-06-08T06:49:01Z"
+  Process: true
+- Stage: s02-enrich
+  Enriched:
+    MarshaledTime: "2020-06-07T11:17:17Z"
+  StrTime: Jun 7 11:17:17
+  MarshaledTime: "2020-06-07T11:17:17Z"
+  Process: true
+- Stage: s02-enrich
+  Enriched:
+    MarshaledTime: "2020-06-08T12:08:53Z"
+  StrTime: Mon Jun 8 12:08:53 2020
+  MarshaledTime: "2020-06-08T12:08:53Z"
+  Process: true
+- Stage: s02-enrich
+  Enriched:
+    MarshaledTime: "2020-04-16T05:13:40.861934Z"
+  StrTime: "2020-04-16T05:13:40.861934Z"
+  MarshaledTime: "2020-04-16T05:13:40.861934Z"
+  Process: true

diff --git a/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/config.yaml b/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/config.yaml
new file mode 100644 (file)
index 0000000..f01a82a
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/config.yaml
@@ -0,0 +1,8 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  parsers:
+  - crowdsecurity/geoip-enrich

diff --git a/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/parser_input.yaml b/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/parser_input.yaml
new file mode 100644 (file)
index 0000000..c1aa9d5
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/parser_input.yaml
@@ -0,0 +1,5 @@
+#these are the events we input into parser
+- Meta:
+    source_ip: 8.8.8.8
+- Meta:
+    source_ip: 192.168.0.1

diff --git a/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/parser_results.yaml b/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/parser_results.yaml
new file mode 100644 (file)
index 0000000..0b5fcb6
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/parser_results.yaml
@@ -0,0 +1,84 @@
+provisionalresults:
+- s00-raw:
+    "":
+      Stage: s01-parse
+      Meta:
+        source_ip: 8.8.8.8
+  s01-parse:
+    "":
+      Stage: s02-enrich
+      Meta:
+        source_ip: 8.8.8.8
+  s02-enrich:
+    crowdsecurity/geoip-enrich:
+      Stage: s02-enrich
+      Enriched:
+        ASNNumber: "15169"
+        ASNOrg: Google LLC
+        IsInEU: "false"
+        IsoCode: US
+        Latitude: "37.751000"
+        Longitude: "-97.822000"
+        SourceRange: 8.8.8.0/24
+      Meta:
+        ASNNumber: "15169"
+        ASNOrg: Google LLC
+        IsInEU: "false"
+        IsoCode: US
+        SourceRange: 8.8.8.0/24
+        source_ip: 8.8.8.8
+- s00-raw:
+    "":
+      Stage: s01-parse
+      Meta:
+        source_ip: 192.168.0.1
+  s01-parse:
+    "":
+      Stage: s02-enrich
+      Meta:
+        source_ip: 192.168.0.1
+  s02-enrich:
+    crowdsecurity/geoip-enrich:
+      Stage: s02-enrich
+      Enriched:
+        ASNNumber: "0"
+        ASNOrg: ""
+        IsInEU: "false"
+        IsoCode: ""
+        Latitude: "0.000000"
+        Longitude: "0.000000"
+      Meta:
+        ASNNumber: "0"
+        IsInEU: "false"
+        source_ip: 192.168.0.1
+finalresults:
+- Stage: s02-enrich
+  Enriched:
+    ASNNumber: "15169"
+    ASNOrg: Google LLC
+    IsInEU: "false"
+    IsoCode: US
+    Latitude: "37.751000"
+    Longitude: "-97.822000"
+    SourceRange: 8.8.8.0/24
+  Process: true
+  Meta:
+    ASNNumber: "15169"
+    ASNOrg: Google LLC
+    IsInEU: "false"
+    IsoCode: US
+    SourceRange: 8.8.8.0/24
+    source_ip: 8.8.8.8
+- Stage: s02-enrich
+  Enriched:
+    ASNNumber: "0"
+    ASNOrg: ""
+    IsInEU: "false"
+    IsoCode: ""
+    Latitude: "0.000000"
+    Longitude: "0.000000"
+  Process: true
+  Meta:
+    ASNNumber: "0"
+    IsInEU: "false"
+    source_ip: 192.168.0.1

diff --git a/parsers/s02-enrich/crowdsecurity/.tests/http-logs/config.yaml b/parsers/s02-enrich/crowdsecurity/.tests/http-logs/config.yaml
new file mode 100644 (file)
index 0000000..d46a5f9
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/.tests/http-logs/config.yaml
@@ -0,0 +1,8 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+  parsers:
+  - crowdsecurity/http-logs

diff --git a/parsers/s02-enrich/crowdsecurity/.tests/http-logs/parser_input.yaml b/parsers/s02-enrich/crowdsecurity/.tests/http-logs/parser_input.yaml
new file mode 100644 (file)
index 0000000..9abca52
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/.tests/http-logs/parser_input.yaml
@@ -0,0 +1,166 @@
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+    time: 2020-12-01T23:19:00.262113291+01:00
+    Labels:
+      type: nginx
+    process: true
+  Parsed:
+    body_bytes_sent: "522"
+    http_referer: '-'
+    http_user_agent: Go-http-client/1.1
+    http_version: "1.1"
+    message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
+    method: GET
+    program: nginx
+    remote_addr: 5.5.8.5
+    remote_user: '-'
+    request: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo
+    status: "404"
+    target_fqdn: ""
+    time_local: 04/Jan/2020:07:25:02 +0000
+  Time: 2020-12-01T23:19:00.262129175+01:00
+  StrTime: 04/Jan/2020:07:25:02 +0000
+  Process: true
+  Meta:
+    http_path: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo
+    http_status: "404"
+    log_type: http_access-log
+    service: http
+    source_ip: 5.5.8.5
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+    time: 2020-12-01T23:19:00.263881872+01:00
+    Labels:
+      type: nginx
+    process: true
+  Parsed:
+    body_bytes_sent: "550"
+    http_referer: '-'
+    http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
+    http_version: "1.1"
+    message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+    method: GET
+    program: nginx
+    remote_addr: 52.59.61.4
+    remote_user: '-'
+    request: /index.php/nous-contacter/
+    status: "500"
+    target_fqdn: ""
+    time_local: 04/Jan/2020:08:41:43 +0000
+  Time: 2020-12-01T23:19:00.264385615+01:00
+  StrTime: 04/Jan/2020:08:41:43 +0000
+  Process: true
+  Meta:
+    http_path: /index.php/nous-contacter/
+    http_status: "500"
+    log_type: http_access-log
+    service: http
+    source_ip: 52.59.61.4
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+    time: 2020-12-01T23:18:58.885136572+01:00
+    Labels:
+      type: apache2
+    process: true
+  Parsed:
+    agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"'
+    auth: '-'
+    bytes: "803"
+    clientip: 195.54.160.135
+    httpversion: "1.1"
+    ident: '-'
+    message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    program: apache2
+    rawrequest: ""
+    referrer: '"-"'
+    request: /solr/admin/info/system?wt=json
+    response: "500"
+    target_fqdn: ""
+    timestamp: 08/Jun/2020:08:04:43 +0000
+    verb: GET
+  Time: 2020-12-01T23:18:58.885943039+01:00
+  StrTime: 08/Jun/2020:08:04:43 +0000
+  Process: true
+  Meta:
+    http_path: /solr/admin/info/system?wt=json
+    http_status: "500"
+    log_type: http_access-log
+    service: http
+    source_ip: 195.54.160.135
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+    time: 2020-12-01T23:18:58.886407549+01:00
+    Labels:
+      type: apache2
+    process: true
+  Parsed:
+    agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"'
+    auth: '-'
+    bytes: "803"
+    clientip: 1.2.3.4
+    httpversion: "1.1"
+    ident: '-'
+    message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    program: apache2
+    rawrequest: ""
+    referrer: '"-"'
+    request: /solr/admin/info/system?wt=json
+    response: "500"
+    target_fqdn: www.crowdsec.net
+    timestamp: 08/Jun/2020:08:04:43 +0000
+    verb: GET
+  Time: 2020-12-01T23:18:58.8875633+01:00
+  StrTime: 08/Jun/2020:08:04:43 +0000
+  Process: true
+  Meta:
+    http_path: /solr/admin/info/system?wt=json
+    http_status: "500"
+    log_type: http_access-log
+    service: http
+    source_ip: 1.2.3.4
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+    time: 2020-12-01T23:18:58.886407549+01:00
+    Labels:
+      type: apache2
+    process: true
+  Parsed:
+    agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"'
+    auth: '-'
+    bytes: "803"
+    clientip: 1.2.3.5
+    httpversion: "1.1"
+    ident: '-'
+    message: www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    program: apache2
+    rawrequest: ""
+    referrer: '"-"'
+    request: /test/uppercase/extensions.JPG
+    response: "500"
+    target_fqdn: www.crowdsec11.net
+    timestamp: 08/Jun/2020:08:04:43 +0000
+    verb: GET
+  Time: 2020-12-01T23:18:58.8875633+01:00
+  StrTime: 08/Jun/2020:08:04:43 +0000
+  Process: true
+  Meta:
+    http_path: /test/uppercase/extensions.JPG
+    http_status: "500"
+    log_type: http_access-log
+    service: http
+    source_ip: 1.2.3.5

diff --git a/parsers/s02-enrich/crowdsecurity/.tests/http-logs/parser_results.yaml b/parsers/s02-enrich/crowdsecurity/.tests/http-logs/parser_results.yaml
new file mode 100644 (file)
index 0000000..4f018d0
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/.tests/http-logs/parser_results.yaml
@@ -0,0 +1,413 @@
+provisionalresults:
+- s00-raw: {}
+  s01-parse: {}
+  s02-enrich:
+    crowdsecurity/http-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: nginx
+        process: true
+      Parsed:
+        body_bytes_sent: "522"
+        file_dir: /.well-known/acme-challenge/
+        file_ext: ""
+        file_frag: FMuukC2JOJ5HKmLBujjE_BkDo
+        file_name: FMuukC2JOJ5HKmLBujjE_BkDo
+        http_referer: '-'
+        http_user_agent: Go-http-client/1.1
+        http_version: "1.1"
+        impact_completion: "false"
+        message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
+        method: GET
+        program: nginx
+        remote_addr: 5.5.8.5
+        remote_user: '-'
+        request: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo
+        static_ressource: "false"
+        status: "404"
+        target_fqdn: ""
+        time_local: 04/Jan/2020:07:25:02 +0000
+      StrTime: 04/Jan/2020:07:25:02 +0000
+      Meta:
+        http_args_len: "0"
+        http_path: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo
+        http_status: "404"
+        log_type: http_access-log
+        service: http
+        source_ip: 5.5.8.5
+- s00-raw: {}
+  s01-parse: {}
+  s02-enrich:
+    crowdsecurity/http-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: nginx
+        process: true
+      Parsed:
+        body_bytes_sent: "550"
+        file_dir: /index.php/
+        file_ext: ""
+        file_frag: nous-contacter/
+        file_name: nous-contacter/
+        http_referer: '-'
+        http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
+        http_version: "1.1"
+        impact_completion: "true"
+        message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+        method: GET
+        program: nginx
+        remote_addr: 52.59.61.4
+        remote_user: '-'
+        request: /index.php/nous-contacter/
+        static_ressource: "false"
+        status: "500"
+        target_fqdn: ""
+        time_local: 04/Jan/2020:08:41:43 +0000
+      StrTime: 04/Jan/2020:08:41:43 +0000
+      Meta:
+        http_args_len: "0"
+        http_path: /index.php/nous-contacter/
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 52.59.61.4
+- s00-raw: {}
+  s01-parse: {}
+  s02-enrich:
+    crowdsecurity/http-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: apache2
+        process: true
+      Parsed:
+        agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"'
+        auth: '-'
+        bytes: "803"
+        clientip: 195.54.160.135
+        file_dir: /solr/admin/info/
+        file_ext: ""
+        file_frag: system
+        file_name: system
+        http_args: wt=json
+        httpversion: "1.1"
+        ident: '-'
+        impact_completion: "true"
+        message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+        program: apache2
+        rawrequest: ""
+        referrer: '"-"'
+        request: /solr/admin/info/system
+        response: "500"
+        static_ressource: "false"
+        target_fqdn: ""
+        timestamp: 08/Jun/2020:08:04:43 +0000
+        verb: GET
+      StrTime: 08/Jun/2020:08:04:43 +0000
+      Meta:
+        http_args_len: "7"
+        http_path: /solr/admin/info/system?wt=json
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 195.54.160.135
+- s00-raw: {}
+  s01-parse: {}
+  s02-enrich:
+    crowdsecurity/http-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: apache2
+        process: true
+      Parsed:
+        agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"'
+        auth: '-'
+        bytes: "803"
+        clientip: 1.2.3.4
+        file_dir: /solr/admin/info/
+        file_ext: ""
+        file_frag: system
+        file_name: system
+        http_args: wt=json
+        httpversion: "1.1"
+        ident: '-'
+        impact_completion: "true"
+        message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+        program: apache2
+        rawrequest: ""
+        referrer: '"-"'
+        request: /solr/admin/info/system
+        response: "500"
+        static_ressource: "false"
+        target_fqdn: www.crowdsec.net
+        timestamp: 08/Jun/2020:08:04:43 +0000
+        verb: GET
+      StrTime: 08/Jun/2020:08:04:43 +0000
+      Meta:
+        http_args_len: "7"
+        http_path: /solr/admin/info/system?wt=json
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 1.2.3.4
+- s00-raw: {}
+  s01-parse: {}
+  s02-enrich:
+    crowdsecurity/http-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Line:
+        Raw: www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+        Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+        time: 0001-01-01T00:00:00Z
+        Labels:
+          type: apache2
+        process: true
+      Parsed:
+        agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"'
+        auth: '-'
+        bytes: "803"
+        clientip: 1.2.3.5
+        file_dir: /test/uppercase/
+        file_ext: .JPG
+        file_frag: extensions
+        file_name: extensions.JPG
+        httpversion: "1.1"
+        ident: '-'
+        impact_completion: "true"
+        message: www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+        program: apache2
+        rawrequest: ""
+        referrer: '"-"'
+        request: /test/uppercase/extensions.JPG
+        response: "500"
+        static_ressource: "true"
+        target_fqdn: www.crowdsec11.net
+        timestamp: 08/Jun/2020:08:04:43 +0000
+        verb: GET
+      StrTime: 08/Jun/2020:08:04:43 +0000
+      Meta:
+        http_args_len: "0"
+        http_path: /test/uppercase/extensions.JPG
+        http_status: "500"
+        log_type: http_access-log
+        service: http
+        source_ip: 1.2.3.5
+finalresults:
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: nginx
+    process: true
+  Parsed:
+    body_bytes_sent: "522"
+    file_dir: /.well-known/acme-challenge/
+    file_ext: ""
+    file_frag: FMuukC2JOJ5HKmLBujjE_BkDo
+    file_name: FMuukC2JOJ5HKmLBujjE_BkDo
+    http_referer: '-'
+    http_user_agent: Go-http-client/1.1
+    http_version: "1.1"
+    impact_completion: "false"
+    message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
+    method: GET
+    program: nginx
+    remote_addr: 5.5.8.5
+    remote_user: '-'
+    request: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo
+    static_ressource: "false"
+    status: "404"
+    target_fqdn: ""
+    time_local: 04/Jan/2020:07:25:02 +0000
+  StrTime: 04/Jan/2020:07:25:02 +0000
+  Process: true
+  Meta:
+    http_args_len: "0"
+    http_path: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo
+    http_status: "404"
+    log_type: http_access-log
+    service: http
+    source_ip: 5.5.8.5
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: nginx
+    process: true
+  Parsed:
+    body_bytes_sent: "550"
+    file_dir: /index.php/
+    file_ext: ""
+    file_frag: nous-contacter/
+    file_name: nous-contacter/
+    http_referer: '-'
+    http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
+    http_version: "1.1"
+    impact_completion: "true"
+    message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+    method: GET
+    program: nginx
+    remote_addr: 52.59.61.4
+    remote_user: '-'
+    request: /index.php/nous-contacter/
+    static_ressource: "false"
+    status: "500"
+    target_fqdn: ""
+    time_local: 04/Jan/2020:08:41:43 +0000
+  StrTime: 04/Jan/2020:08:41:43 +0000
+  Process: true
+  Meta:
+    http_args_len: "0"
+    http_path: /index.php/nous-contacter/
+    http_status: "500"
+    log_type: http_access-log
+    service: http
+    source_ip: 52.59.61.4
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: apache2
+    process: true
+  Parsed:
+    agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"'
+    auth: '-'
+    bytes: "803"
+    clientip: 195.54.160.135
+    file_dir: /solr/admin/info/
+    file_ext: ""
+    file_frag: system
+    file_name: system
+    http_args: wt=json
+    httpversion: "1.1"
+    ident: '-'
+    impact_completion: "true"
+    message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    program: apache2
+    rawrequest: ""
+    referrer: '"-"'
+    request: /solr/admin/info/system
+    response: "500"
+    static_ressource: "false"
+    target_fqdn: ""
+    timestamp: 08/Jun/2020:08:04:43 +0000
+    verb: GET
+  StrTime: 08/Jun/2020:08:04:43 +0000
+  Process: true
+  Meta:
+    http_args_len: "7"
+    http_path: /solr/admin/info/system?wt=json
+    http_status: "500"
+    log_type: http_access-log
+    service: http
+    source_ip: 195.54.160.135
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: apache2
+    process: true
+  Parsed:
+    agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"'
+    auth: '-'
+    bytes: "803"
+    clientip: 1.2.3.4
+    file_dir: /solr/admin/info/
+    file_ext: ""
+    file_frag: system
+    file_name: system
+    http_args: wt=json
+    httpversion: "1.1"
+    ident: '-'
+    impact_completion: "true"
+    message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    program: apache2
+    rawrequest: ""
+    referrer: '"-"'
+    request: /solr/admin/info/system
+    response: "500"
+    static_ressource: "false"
+    target_fqdn: www.crowdsec.net
+    timestamp: 08/Jun/2020:08:04:43 +0000
+    verb: GET
+  StrTime: 08/Jun/2020:08:04:43 +0000
+  Process: true
+  Meta:
+    http_args_len: "7"
+    http_path: /solr/admin/info/system?wt=json
+    http_status: "500"
+    log_type: http_access-log
+    service: http
+    source_ip: 1.2.3.4
+- ExpectMode: 1
+  Stage: s02-enrich
+  Line:
+    Raw: www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+    time: 0001-01-01T00:00:00Z
+    Labels:
+      type: apache2
+    process: true
+  Parsed:
+    agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"'
+    auth: '-'
+    bytes: "803"
+    clientip: 1.2.3.5
+    file_dir: /test/uppercase/
+    file_ext: .JPG
+    file_frag: extensions
+    file_name: extensions.JPG
+    httpversion: "1.1"
+    ident: '-'
+    impact_completion: "true"
+    message: www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+    program: apache2
+    rawrequest: ""
+    referrer: '"-"'
+    request: /test/uppercase/extensions.JPG
+    response: "500"
+    static_ressource: "true"
+    target_fqdn: www.crowdsec11.net
+    timestamp: 08/Jun/2020:08:04:43 +0000
+    verb: GET
+  StrTime: 08/Jun/2020:08:04:43 +0000
+  Process: true
+  Meta:
+    http_args_len: "0"
+    http_path: /test/uppercase/extensions.JPG
+    http_status: "500"
+    log_type: http_access-log
+    service: http
+    source_ip: 1.2.3.5

diff --git a/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/config.yaml b/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/config.yaml
new file mode 100644 (file)
index 0000000..66ea60b
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/config.yaml
@@ -0,0 +1,8 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+  parsers:
+  - crowdsecurity/naxsi-logs

diff --git a/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/parser_input.yaml b/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/parser_input.yaml
new file mode 100644 (file)
index 0000000..12bc3c2
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/parser_input.yaml
@@ -0,0 +1,10 @@
+- ExpectMode: 1
+  Stage: s02-enrich
+  Parsed:
+    program: nginx
+    message: "NAXSI_EXLOG: ip=127.0.0.1&server=127.0.0.1&uri=/&id=1302&zone=ARGS&var_name=a&content=a<>bcd"
+  Time: 2020-12-01T23:19:00.262129175+01:00
+  StrTime: 04/Jan/2020:07:25:02 +0000
+  Process: true
+  Meta:
+   log_type: http_error-log

diff --git a/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/parser_results.yaml b/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/parser_results.yaml
new file mode 100644 (file)
index 0000000..782bf59
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/parser_results.yaml
@@ -0,0 +1,39 @@
+provisionalresults:
+- s00-raw: {}
+  s01-parse: {}
+  s02-enrich:
+    crowdsecurity/naxsi-logs:
+      ExpectMode: 1
+      Stage: s02-enrich
+      Parsed:
+        http_path: /
+        message: 'NAXSI_EXLOG: ip=127.0.0.1&server=127.0.0.1&uri=/&id=1302&zone=ARGS&var_name=a&content=a<>bcd'
+        naxsi_dst_ip: 127.0.0.1
+        naxsi_id: "1302"
+        naxsi_src_ip: 127.0.0.1
+        naxsi_var_name: a
+        naxsi_zone: ARGS
+        program: nginx
+      StrTime: 04/Jan/2020:07:25:02 +0000
+      Meta:
+        http_path: /
+        log_type: waf_naxsi-log
+        source_ip: 127.0.0.1
+finalresults:
+- ExpectMode: 1
+  Stage: s02-enrich
+  Parsed:
+    http_path: /
+    message: 'NAXSI_EXLOG: ip=127.0.0.1&server=127.0.0.1&uri=/&id=1302&zone=ARGS&var_name=a&content=a<>bcd'
+    naxsi_dst_ip: 127.0.0.1
+    naxsi_id: "1302"
+    naxsi_src_ip: 127.0.0.1
+    naxsi_var_name: a
+    naxsi_zone: ARGS
+    program: nginx
+  StrTime: 04/Jan/2020:07:25:02 +0000
+  Process: true
+  Meta:
+    http_path: /
+    log_type: waf_naxsi-log
+    source_ip: 127.0.0.1

diff --git a/parsers/s02-enrich/crowdsecurity/.tests/whitelists/config.yaml b/parsers/s02-enrich/crowdsecurity/.tests/whitelists/config.yaml
new file mode 100644 (file)
index 0000000..fb43733
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/.tests/whitelists/config.yaml
@@ -0,0 +1,7 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+  parsers:
+  - crowdsecurity/whitelists

diff --git a/parsers/s02-enrich/crowdsecurity/.tests/whitelists/parser_input.yaml b/parsers/s02-enrich/crowdsecurity/.tests/whitelists/parser_input.yaml
new file mode 100644 (file)
index 0000000..09c7c28
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/.tests/whitelists/parser_input.yaml
@@ -0,0 +1,10 @@
+- ExpectMode: 1
+  Stage: s02-enrich
+  Time: 2020-12-11T13:05:46.765680868+01:00
+  StrTime: Nov 10 15:01:29
+  Process: true
+  Meta:
+    log_type: ssh_failed-auth
+    service: ssh
+    source_ip: 127.0.0.1
+    target_user: test_ftp

diff --git a/parsers/s02-enrich/crowdsecurity/.tests/whitelists/parser_results.yaml b/parsers/s02-enrich/crowdsecurity/.tests/whitelists/parser_results.yaml
new file mode 100644 (file)
index 0000000..dc0a5ab
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/.tests/whitelists/parser_results.yaml
@@ -0,0 +1,27 @@
+provisionalresults:
+- s00-raw: {}
+  s01-parse: {}
+  s02-enrich:
+    crowdsecurity/whitelists:
+      ExpectMode: 1
+      Whitelisted: true
+      whitelist_reason: private ipv4 ranges
+      Stage: s02-enrich
+      StrTime: Nov 10 15:01:29
+      Meta:
+        log_type: ssh_failed-auth
+        service: ssh
+        source_ip: 127.0.0.1
+        target_user: test_ftp
+finalresults:
+- ExpectMode: 1
+  Whitelisted: true
+  whitelist_reason: private ipv4 ranges
+  Stage: s02-enrich
+  StrTime: Nov 10 15:01:29
+  Process: true
+  Meta:
+    log_type: ssh_failed-auth
+    service: ssh
+    source_ip: 127.0.0.1
+    target_user: test_ftp

diff --git a/parsers/s02-enrich/crowdsecurity/dateparse-enrich.md b/parsers/s02-enrich/crowdsecurity/dateparse-enrich.md
new file mode 100644 (file)
index 0000000..7e04a88
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/dateparse-enrich.md
@@ -0,0 +1,17 @@
+Parses timestamp strings in logs to be used in [forensic mode](https://doc.crowdsec.net/Crowdsec/v1/user_guide/forensic_mode/). The following formats are currently supported :
+
+ - RFC3339
+ - `02/Jan/2006:15:04:05 -0700`
+ - `Mon Jan 2 15:04:05 2006`
+ - `02-Jan-2006 15:04:05 europe/paris`
+ - `01/02/2006 15:04:05`
+ - `2006-01-02 15:04:05.999999999 -0700 MST`
+ - `Jan  2 15:04:05`
+ - `Mon Jan 02 15:04:05.000000 2006`
+ - `2006-01-02T15:04:05Z07:00`
+ - `2006/01/02`
+ - `2006/01/02 15:04`
+ - `2006-01-02`
+ - `2006-01-02 15:04`
+
+The `StrTime` item of the event is parsed by default. See [crowdsecurity/syslog-logs](https://hub.crowdsec.net/author/crowdsecurity/configurations/syslog-logs) as an example of a parser setting this field for `crowdsecurity/dateparse-enrich`.

diff --git a/parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml b/parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml
new file mode 100644 (file)
index 0000000..d803f27
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml
@@ -0,0 +1,9 @@
+filter: "evt.StrTime != ''"
+name: crowdsecurity/dateparse-enrich
+#debug: true
+#it's a hack lol
+statics:
+  - method: ParseDate
+    expression: evt.StrTime
+  - target: MarshaledTime
+    expression: evt.Enriched.MarshaledTime
\ No newline at end of file

diff --git a/parsers/s02-enrich/crowdsecurity/geoip-enrich.md b/parsers/s02-enrich/crowdsecurity/geoip-enrich.md
new file mode 100644 (file)
index 0000000..72167c7
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/geoip-enrich.md
@@ -0,0 +1,15 @@
+The GeoIP module relies on geolite database to provide enrichment on source ip.
+
+The following informations will be added to the event :
+ - `Meta.IsoCode` : two-letters country code
+ - `Meta.IsInEU` : a boolean indicating if IP is in EU
+ - `Meta.GeoCoords` : latitude & longitude of IP
+ - `Meta.ASNNumber` : Autonomous System Number
+ - `Meta.ASNOrg` : Autonomous System Name
+ - `Meta.SourceRange` : The public range to which the IP belongs
+
+
+This configuration includes GeoLite2 data created by MaxMind available from [https://www.maxmind.com](https://www.maxmind.com), it includes two data files: 
+* [GeoLite2-City.mmdb](https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-City.mmdb)
+* [GeoLite2-ASN.mmdb](https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-ASN.mmdb)
+

diff --git a/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml b/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml
new file mode 100644 (file)
index 0000000..59a4fca
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml
@@ -0,0 +1,27 @@
+filter: "'source_ip' in evt.Meta"
+name: crowdsecurity/geoip-enrich
+description: "Populate event with geoloc info : as, country, coords, source range."
+data:
+  - source_url: https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-City.mmdb
+    dest_file: GeoLite2-City.mmdb
+  - source_url: https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-ASN.mmdb
+    dest_file: GeoLite2-ASN.mmdb
+statics:
+  - method: GeoIpCity
+    expression: evt.Meta.source_ip
+  - meta: IsoCode
+    expression: evt.Enriched.IsoCode
+  - meta: IsInEU
+    expression: evt.Enriched.IsInEU
+  - meta: GeoCoords
+    expression: evt.Enriched.GeoCoords
+  - method: GeoIpASN
+    expression: evt.Meta.source_ip
+  - meta: ASNNumber
+    expression: evt.Enriched.ASNNumber
+  - meta: ASNOrg
+    expression: evt.Enriched.ASNOrg
+  - method: IpToRange
+    expression: evt.Meta.source_ip
+  - meta: SourceRange
+    expression: evt.Enriched.SourceRange

diff --git a/parsers/s02-enrich/crowdsecurity/http-logs.md b/parsers/s02-enrich/crowdsecurity/http-logs.md
new file mode 100644 (file)
index 0000000..43f9292
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/http-logs.md
@@ -0,0 +1,4 @@
+This parser is a generic post-parsing http re-parser and profides more detailed information such as :
+ - static_ressource : a boolean to tell if the requested ressource is a static file
+ - file_name : simple file+file-extension
+ - impact_completion : a boolean flag indicating if the request succeeded (based on the http response code)

diff --git a/parsers/s02-enrich/crowdsecurity/http-logs.yaml b/parsers/s02-enrich/crowdsecurity/http-logs.yaml
new file mode 100644 (file)
index 0000000..0699ce6
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/http-logs.yaml
@@ -0,0 +1,33 @@
+filter: "evt.Meta.service == 'http' && evt.Meta.log_type in ['http_access-log', 'http_error-log']"
+description: "Parse more Specifically HTTP logs, such as HTTP Code, HTTP path, HTTP args and if its a static ressource"
+name: crowdsecurity/http-logs
+pattern_syntax:
+  DIR: "^.*/"
+  FILE: "[^/].*?"
+  EXT: "\\.[^.]*$|$"
+nodes:
+  - statics:
+     - parsed: "impact_completion"
+       # the value of a field can as well be determined as the result of an expression
+       expression: "evt.Meta.http_status in ['404', '403', '502'] ? 'false' : 'true'"
+     - target: evt.Parsed.static_ressource
+       value: 'false'
+  # let's split the path?query if possible
+  - grok:
+      pattern: "^%{GREEDYDATA:request}\\?%{GREEDYDATA:http_args}$"
+      apply_on: request
+  # this is another node, with its own pattern_syntax
+  - #debug: true
+    grok:
+      pattern: "%{DIR:file_dir}%{FILE:file_frag}%{EXT:file_ext}"
+      apply_on: request
+      statics:
+        - meta: http_path
+          expression: "evt.Parsed.http_path"
+          # meta af
+        - meta: http_args_len
+          expression: "len(evt.Parsed.http_args)"
+        - parsed: file_name
+          expression: evt.Parsed.file_frag + evt.Parsed.file_ext
+        - parsed: static_ressource
+          expression: "Upper(evt.Parsed.file_ext) in ['.JPG', '.CSS', '.JS', '.JPEG', '.PNG', '.SVG', '.MAP', '.ICO', '.OTF', '.GIF', '.MP3', '.MP4', '.WOFF', '.WOFF2', '.TTF', '.OTF', '.EOT', '.WEBP'] ? 'true' : 'false'"

diff --git a/parsers/s02-enrich/crowdsecurity/naxsi-logs.yaml b/parsers/s02-enrich/crowdsecurity/naxsi-logs.yaml
new file mode 100644 (file)
index 0000000..9bd2ab1
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/naxsi-logs.yaml
@@ -0,0 +1,16 @@
+#let's try to post-process nginx error log to have naxsi pattern
+filter: "evt.Meta.log_type == 'http_error-log' && evt.Parsed.program == 'nginx'"
+description: "Enrich logs if its from NAXSI"
+name: crowdsecurity/naxsi-logs
+grok:
+  name: "NAXSI_EXLOG"
+  apply_on: message
+statics:
+  - target: evt.Meta.log_type
+    value: waf_naxsi-log
+  - meta: source_ip
+    expression: "evt.Parsed.naxsi_src_ip"
+  - meta: http_path
+    expression: "evt.Parsed.http_path"
+  - meta: dest_ip
+    expression: "evt.Parsed.target_ip"
\ No newline at end of file

diff --git a/parsers/s02-enrich/crowdsecurity/whitelists.md b/parsers/s02-enrich/crowdsecurity/whitelists.md
new file mode 100644 (file)
index 0000000..41e6284
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/whitelists.md
@@ -0,0 +1,2 @@
+A generic whitelist to avoid banning yourself, whitelisted ranges :
+192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12

diff --git a/parsers/s02-enrich/crowdsecurity/whitelists.yaml b/parsers/s02-enrich/crowdsecurity/whitelists.yaml
new file mode 100644 (file)
index 0000000..d398ee8
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/whitelists.yaml
@@ -0,0 +1,13 @@
+name: crowdsecurity/whitelists
+description: "Whitelist events from private ipv4 addresses"
+whitelist:
+  reason: "private ipv4 ranges"
+  ip: 
+    - "127.0.0.1"
+  cidr:
+    - "192.168.0.0/16"
+    - "10.0.0.0/8"
+    - "172.16.0.0/12"
+  # expression:
+  #   - "'foo.com' in evt.Meta.source_ip.reverse" 
+

diff --git a/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/config.yaml b/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/config.yaml
new file mode 100644 (file)
index 0000000..0387642
--- /dev/null
+++ b/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/config.yaml
@@ -0,0 +1,7 @@
+postoverflow_input: po_input.yaml
+postoverflow_results: postoverflow_results.yaml
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+  postoverflows:
+  - crowdsecurity/rdns

diff --git a/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/po_input.yaml b/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/po_input.yaml
new file mode 100644 (file)
index 0000000..4d0d42c
--- /dev/null
+++ b/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/po_input.yaml
@@ -0,0 +1,16 @@
+- Type: 1
+  Alert:
+    Alert:
+      remediation: true
+      source:
+        ip: 8.8.8.8
+        scope: Ip
+        value: 8.8.8.8
+- Type: 1
+  Alert:
+    Alert:
+      remediation: true
+      source:
+        ip: 192.168.0.100
+        scope: Ip
+        value: 192.168.0.100

diff --git a/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/postoverflow_results.yaml b/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/postoverflow_results.yaml
new file mode 100644 (file)
index 0000000..df56bfd
--- /dev/null
+++ b/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/postoverflow_results.yaml
@@ -0,0 +1,216 @@
+provisionalresults:
+- s00-enrich:
+    crowdsecurity/rdns:
+      Type: 1
+      Stage: s01-whitelist
+      Enriched:
+        reverse_dns: dns.google.
+      Alert:
+        Alert:
+          capacity: null
+          createdat: ""
+          decisions: []
+          events: []
+          eventscount: null
+          id: 0
+          labels: []
+          leakspeed: null
+          machineid: ""
+          message: null
+          meta: []
+          remediation: true
+          scenario: null
+          scenariohash: null
+          scenarioversion: null
+          simulated: null
+          source:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 8.8.8.8
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 8.8.8.8
+          startat: null
+          stopat: null
+      Meta:
+        reverse_dns: dns.google.
+  s01-whitelist:
+    "":
+      Type: 1
+      Stage: s01-whitelist
+      Enriched:
+        reverse_dns: dns.google.
+      Alert:
+        Alert:
+          capacity: null
+          createdat: ""
+          decisions: []
+          events: []
+          eventscount: null
+          id: 0
+          labels: []
+          leakspeed: null
+          machineid: ""
+          message: null
+          meta: []
+          remediation: true
+          scenario: null
+          scenariohash: null
+          scenarioversion: null
+          simulated: null
+          source:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 8.8.8.8
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 8.8.8.8
+          startat: null
+          stopat: null
+      Meta:
+        reverse_dns: dns.google.
+- s00-enrich:
+    crowdsecurity/rdns:
+      Type: 1
+      Stage: s01-whitelist
+      Alert:
+        Alert:
+          capacity: null
+          createdat: ""
+          decisions: []
+          events: []
+          eventscount: null
+          id: 0
+          labels: []
+          leakspeed: null
+          machineid: ""
+          message: null
+          meta: []
+          remediation: true
+          scenario: null
+          scenariohash: null
+          scenarioversion: null
+          simulated: null
+          source:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 192.168.0.100
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 192.168.0.100
+          startat: null
+          stopat: null
+  s01-whitelist:
+    "":
+      Type: 1
+      Stage: s01-whitelist
+      Alert:
+        Alert:
+          capacity: null
+          createdat: ""
+          decisions: []
+          events: []
+          eventscount: null
+          id: 0
+          labels: []
+          leakspeed: null
+          machineid: ""
+          message: null
+          meta: []
+          remediation: true
+          scenario: null
+          scenariohash: null
+          scenarioversion: null
+          simulated: null
+          source:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 192.168.0.100
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 192.168.0.100
+          startat: null
+          stopat: null
+finalresults:
+- Type: 1
+  Stage: s01-whitelist
+  Enriched:
+    reverse_dns: dns.google.
+  Alert:
+    Alert:
+      capacity: null
+      createdat: ""
+      decisions: []
+      events: []
+      eventscount: null
+      id: 0
+      labels: []
+      leakspeed: null
+      machineid: ""
+      message: null
+      meta: []
+      remediation: true
+      scenario: null
+      scenariohash: null
+      scenarioversion: null
+      simulated: null
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: null
+      stopat: null
+  Process: true
+  Meta:
+    reverse_dns: dns.google.
+- Type: 1
+  Stage: s01-whitelist
+  Alert:
+    Alert:
+      capacity: null
+      createdat: ""
+      decisions: []
+      events: []
+      eventscount: null
+      id: 0
+      labels: []
+      leakspeed: null
+      machineid: ""
+      message: null
+      meta: []
+      remediation: true
+      scenario: null
+      scenariohash: null
+      scenarioversion: null
+      simulated: null
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 192.168.0.100
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 192.168.0.100
+      startat: null
+      stopat: null
+  Process: true

diff --git a/postoverflows/s00-enrich/crowdsecurity/rdns.md b/postoverflows/s00-enrich/crowdsecurity/rdns.md
new file mode 100644 (file)
index 0000000..e1878dd
--- /dev/null
+++ b/postoverflows/s00-enrich/crowdsecurity/rdns.md
@@ -0,0 +1,3 @@
+# Rdns enricher
+
+This will use `reverse_dns` method to enrich en event with the reverse dns of the IP if it exists.
\ No newline at end of file

diff --git a/postoverflows/s00-enrich/crowdsecurity/rdns.yaml b/postoverflows/s00-enrich/crowdsecurity/rdns.yaml
new file mode 100644 (file)
index 0000000..2dcc16b
--- /dev/null
+++ b/postoverflows/s00-enrich/crowdsecurity/rdns.yaml
@@ -0,0 +1,9 @@
+onsuccess: next_stage
+filter: "evt.Overflow.Alert.Remediation == true"
+name: crowdsecurity/rdns
+description: "Lookup the DNS associated to the source IP only for overflows"
+statics:
+  - method: reverse_dns
+    expression: evt.Overflow.Alert.Source.IP
+  - meta: reverse_dns
+    expression: evt.Enriched.reverse_dns

diff --git a/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/config.yaml b/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/config.yaml
new file mode 100644 (file)
index 0000000..e3d9227
--- /dev/null
+++ b/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/config.yaml
@@ -0,0 +1,7 @@
+postoverflow_input: parser_input.yaml
+postoverflow_results: parser_results.yaml
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+  postoverflows:
+  - crowdsecurity/cdn-whitelist

diff --git a/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/parser_input.yaml b/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/parser_input.yaml
new file mode 100644 (file)
index 0000000..269f407
--- /dev/null
+++ b/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/parser_input.yaml
@@ -0,0 +1,86 @@
+- Type: 1
+  Alert:
+    Sources:
+      173.245.45.5:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 173.245.45.5
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 173.245.45.5
+    Alert:
+      capacity: 1
+      events:
+      - meta:
+        - key: log_type
+          value: ssh_failed-auth
+        timestamp: "2020-11-10T15:01:29Z"
+      eventscount: 6
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 173.245.45.5
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 173.245.45.5
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
+- Type: 1
+  Alert:
+    Sources:
+      198.41.128.3:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 198.41.128.3
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 198.41.128.3
+    Alert:
+      capacity: 1
+      events:
+      - meta:
+        - key: log_type
+          value: ssh_failed-auth
+        timestamp: "2020-11-10T15:01:29Z"
+      eventscount: 6
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 198.41.128.3
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 198.41.128.3
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/parser_results.yaml b/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/parser_results.yaml
new file mode 100644 (file)
index 0000000..86ca5bd
--- /dev/null
+++ b/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/parser_results.yaml
@@ -0,0 +1,306 @@
+provisionalresults:
+- s00-enrich:
+    "":
+      Type: 1
+      Stage: s01-whitelist
+      Alert:
+        Sources:
+          173.245.45.5:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 173.245.45.5
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 173.245.45.5
+        Alert:
+          capacity: 1
+          createdat: ""
+          decisions: []
+          events:
+          - meta:
+            - key: log_type
+              value: ssh_failed-auth
+            timestamp: "2020-11-10T15:01:29Z"
+          eventscount: 6
+          id: 0
+          labels: []
+          leakspeed: 10s
+          machineid: ""
+          message: ""
+          meta: []
+          remediation: true
+          scenario: crowdsecurity/ssh-bf
+          scenariohash: ""
+          scenarioversion: ""
+          simulated: false
+          source:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 173.245.45.5
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 173.245.45.5
+          startat: "0001-01-01T00:00:00Z"
+          stopat: "0001-01-01T00:00:00Z"
+      MarshaledTime: "0001-01-01T00:00:00Z"
+  s01-whitelist:
+    crowdsecurity/cdn-whitelist:
+      Type: 1
+      Stage: s01-whitelist
+      Alert:
+        Sources:
+          173.245.45.5:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 173.245.45.5
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 173.245.45.5
+        Alert:
+          capacity: 1
+          createdat: ""
+          decisions: []
+          events:
+          - meta:
+            - key: log_type
+              value: ssh_failed-auth
+            timestamp: "2020-11-10T15:01:29Z"
+          eventscount: 6
+          id: 0
+          labels: []
+          leakspeed: 10s
+          machineid: ""
+          message: ""
+          meta: []
+          remediation: true
+          scenario: crowdsecurity/ssh-bf
+          scenariohash: ""
+          scenarioversion: ""
+          simulated: false
+          source:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 173.245.45.5
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 173.245.45.5
+          startat: "0001-01-01T00:00:00Z"
+          stopat: "0001-01-01T00:00:00Z"
+      MarshaledTime: "0001-01-01T00:00:00Z"
+- s00-enrich:
+    "":
+      Type: 1
+      Stage: s01-whitelist
+      Alert:
+        Sources:
+          198.41.128.3:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 198.41.128.3
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 198.41.128.3
+        Alert:
+          capacity: 1
+          createdat: ""
+          decisions: []
+          events:
+          - meta:
+            - key: log_type
+              value: ssh_failed-auth
+            timestamp: "2020-11-10T15:01:29Z"
+          eventscount: 6
+          id: 0
+          labels: []
+          leakspeed: 10s
+          machineid: ""
+          message: ""
+          meta: []
+          remediation: true
+          scenario: crowdsecurity/ssh-bf
+          scenariohash: ""
+          scenarioversion: ""
+          simulated: false
+          source:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 198.41.128.3
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 198.41.128.3
+          startat: "0001-01-01T00:00:00Z"
+          stopat: "0001-01-01T00:00:00Z"
+      MarshaledTime: "0001-01-01T00:00:00Z"
+  s01-whitelist:
+    crowdsecurity/cdn-whitelist:
+      Type: 1
+      Whitelisted: true
+      whitelist_reason: CDN provider
+      Stage: s01-whitelist
+      Alert:
+        Whitelisted: true
+        Sources:
+          198.41.128.3:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 198.41.128.3
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 198.41.128.3
+        Alert:
+          capacity: 1
+          createdat: ""
+          decisions: []
+          events:
+          - meta:
+            - key: log_type
+              value: ssh_failed-auth
+            timestamp: "2020-11-10T15:01:29Z"
+          eventscount: 6
+          id: 0
+          labels: []
+          leakspeed: 10s
+          machineid: ""
+          message: ""
+          meta: []
+          remediation: true
+          scenario: crowdsecurity/ssh-bf
+          scenariohash: ""
+          scenarioversion: ""
+          simulated: false
+          source:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 198.41.128.3
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 198.41.128.3
+          startat: "0001-01-01T00:00:00Z"
+          stopat: "0001-01-01T00:00:00Z"
+      MarshaledTime: "0001-01-01T00:00:00Z"
+finalresults:
+- Type: 1
+  Stage: s01-whitelist
+  Alert:
+    Sources:
+      173.245.45.5:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 173.245.45.5
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 173.245.45.5
+    Alert:
+      capacity: 1
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: log_type
+          value: ssh_failed-auth
+        timestamp: "2020-11-10T15:01:29Z"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 173.245.45.5
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 173.245.45.5
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
+  Process: true
+- Type: 1
+  Whitelisted: true
+  whitelist_reason: CDN provider
+  Stage: s01-whitelist
+  Alert:
+    Whitelisted: true
+    Sources:
+      198.41.128.3:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 198.41.128.3
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 198.41.128.3
+    Alert:
+      capacity: 1
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: log_type
+          value: ssh_failed-auth
+        timestamp: "2020-11-10T15:01:29Z"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 198.41.128.3
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 198.41.128.3
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
+  Process: true

diff --git a/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/config.yaml b/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/config.yaml
new file mode 100644 (file)
index 0000000..d108f11
--- /dev/null
+++ b/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/config.yaml
@@ -0,0 +1,7 @@
+postoverflow_input: parser_input.yaml
+postoverflow_results: parser_results.yaml
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+  postoverflows:
+  - crowdsecurity/seo-bots-whitelist

diff --git a/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/parser_input.yaml b/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/parser_input.yaml
new file mode 100644 (file)
index 0000000..c7335dd
--- /dev/null
+++ b/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/parser_input.yaml
@@ -0,0 +1,226 @@
+#this one is whitelisted by IP (duckduckgo)
+- Type: 1
+  Alert:
+    Sources:
+      23.21.227.69:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 23.21.227.69
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 23.21.227.69
+    Alert:
+      capacity: 1
+      events:
+      - meta:
+        - key: log_type
+          value: ssh_failed-auth
+        timestamp: "2020-11-10T15:01:29Z"
+      eventscount: 6
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 23.21.227.69
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 23.21.227.69
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
+#this one isn't
+- Type: 1
+  Alert:
+    Sources:
+      1.1.1.1:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+    Alert:
+      capacity: 1
+      events:
+      - meta:
+        - key: log_type
+          value: ssh_failed-auth
+        timestamp: "2020-11-10T15:01:29Z"
+      eventscount: 6
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
+# this one is whitelisted by reverse dns regexp
+- Type: 1
+  Enriched:
+    reverse_dns: google-proxy-1-1-1-1.google.com.
+  Alert:
+    Sources:
+      1.1.1.1:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+    Alert:
+      capacity: 1
+      events:
+      - meta:
+        - key: log_type
+          value: ssh_failed-auth
+        timestamp: "2020-11-10T15:01:29Z"
+      eventscount: 6
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
+# this one is whitelisted by reverse dns string match
+- Type: 1
+  Enriched:
+    reverse_dns: foobar.googlebot.com.
+  Alert:
+    Sources:
+      1.1.1.1:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+    Alert:
+      capacity: 1
+      events:
+      - meta:
+        - key: log_type
+          value: ssh_failed-auth
+        timestamp: "2020-11-10T15:01:29Z"
+      eventscount: 6
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
+# this one isn't whitelisted by reverse dns
+- Type: 1
+  Enriched:
+    reverse_dns: foobar.gagle.com.
+  Alert:
+    Sources:
+      1.1.1.1:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+    Alert:
+      capacity: 1
+      events:
+      - meta:
+        - key: log_type
+          value: ssh_failed-auth
+        timestamp: "2020-11-10T15:01:29Z"
+      eventscount: 6
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
\ No newline at end of file

diff --git a/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/parser_results.yaml b/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/parser_results.yaml
new file mode 100644 (file)
index 0000000..8826bf5
--- /dev/null
+++ b/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/parser_results.yaml
@@ -0,0 +1,783 @@
+provisionalresults:
+- s00-enrich:
+    "":
+      Type: 1
+      Stage: s01-whitelist
+      Alert:
+        Sources:
+          23.21.227.69:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 23.21.227.69
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 23.21.227.69
+        Alert:
+          capacity: 1
+          createdat: ""
+          decisions: []
+          events:
+          - meta:
+            - key: log_type
+              value: ssh_failed-auth
+            timestamp: "2020-11-10T15:01:29Z"
+          eventscount: 6
+          id: 0
+          labels: []
+          leakspeed: 10s
+          machineid: ""
+          message: ""
+          meta: []
+          remediation: true
+          scenario: crowdsecurity/ssh-bf
+          scenariohash: ""
+          scenarioversion: ""
+          simulated: false
+          source:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 23.21.227.69
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 23.21.227.69
+          startat: "0001-01-01T00:00:00Z"
+          stopat: "0001-01-01T00:00:00Z"
+      MarshaledTime: "0001-01-01T00:00:00Z"
+  s01-whitelist:
+    crowdsecurity/seo-bots-whitelist:
+      Type: 1
+      Whitelisted: true
+      whitelist_reason: good bots (search engine crawlers)
+      Stage: s01-whitelist
+      Alert:
+        Whitelisted: true
+        Sources:
+          23.21.227.69:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 23.21.227.69
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 23.21.227.69
+        Alert:
+          capacity: 1
+          createdat: ""
+          decisions: []
+          events:
+          - meta:
+            - key: log_type
+              value: ssh_failed-auth
+            timestamp: "2020-11-10T15:01:29Z"
+          eventscount: 6
+          id: 0
+          labels: []
+          leakspeed: 10s
+          machineid: ""
+          message: ""
+          meta: []
+          remediation: true
+          scenario: crowdsecurity/ssh-bf
+          scenariohash: ""
+          scenarioversion: ""
+          simulated: false
+          source:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 23.21.227.69
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 23.21.227.69
+          startat: "0001-01-01T00:00:00Z"
+          stopat: "0001-01-01T00:00:00Z"
+      MarshaledTime: "0001-01-01T00:00:00Z"
+- s00-enrich:
+    "":
+      Type: 1
+      Stage: s01-whitelist
+      Alert:
+        Sources:
+          1.1.1.1:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 1.1.1.1
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 1.1.1.1
+        Alert:
+          capacity: 1
+          createdat: ""
+          decisions: []
+          events:
+          - meta:
+            - key: log_type
+              value: ssh_failed-auth
+            timestamp: "2020-11-10T15:01:29Z"
+          eventscount: 6
+          id: 0
+          labels: []
+          leakspeed: 10s
+          machineid: ""
+          message: ""
+          meta: []
+          remediation: true
+          scenario: crowdsecurity/ssh-bf
+          scenariohash: ""
+          scenarioversion: ""
+          simulated: false
+          source:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 1.1.1.1
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 1.1.1.1
+          startat: "0001-01-01T00:00:00Z"
+          stopat: "0001-01-01T00:00:00Z"
+      MarshaledTime: "0001-01-01T00:00:00Z"
+  s01-whitelist:
+    crowdsecurity/seo-bots-whitelist:
+      Type: 1
+      Stage: s01-whitelist
+      Alert:
+        Sources:
+          1.1.1.1:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 1.1.1.1
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 1.1.1.1
+        Alert:
+          capacity: 1
+          createdat: ""
+          decisions: []
+          events:
+          - meta:
+            - key: log_type
+              value: ssh_failed-auth
+            timestamp: "2020-11-10T15:01:29Z"
+          eventscount: 6
+          id: 0
+          labels: []
+          leakspeed: 10s
+          machineid: ""
+          message: ""
+          meta: []
+          remediation: true
+          scenario: crowdsecurity/ssh-bf
+          scenariohash: ""
+          scenarioversion: ""
+          simulated: false
+          source:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 1.1.1.1
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 1.1.1.1
+          startat: "0001-01-01T00:00:00Z"
+          stopat: "0001-01-01T00:00:00Z"
+      MarshaledTime: "0001-01-01T00:00:00Z"
+- s00-enrich:
+    "":
+      Type: 1
+      Stage: s01-whitelist
+      Enriched:
+        reverse_dns: google-proxy-1-1-1-1.google.com.
+      Alert:
+        Sources:
+          1.1.1.1:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 1.1.1.1
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 1.1.1.1
+        Alert:
+          capacity: 1
+          createdat: ""
+          decisions: []
+          events:
+          - meta:
+            - key: log_type
+              value: ssh_failed-auth
+            timestamp: "2020-11-10T15:01:29Z"
+          eventscount: 6
+          id: 0
+          labels: []
+          leakspeed: 10s
+          machineid: ""
+          message: ""
+          meta: []
+          remediation: true
+          scenario: crowdsecurity/ssh-bf
+          scenariohash: ""
+          scenarioversion: ""
+          simulated: false
+          source:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 1.1.1.1
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 1.1.1.1
+          startat: "0001-01-01T00:00:00Z"
+          stopat: "0001-01-01T00:00:00Z"
+      MarshaledTime: "0001-01-01T00:00:00Z"
+  s01-whitelist:
+    crowdsecurity/seo-bots-whitelist:
+      Type: 1
+      Whitelisted: true
+      whitelist_reason: good bots (search engine crawlers)
+      Stage: s01-whitelist
+      Enriched:
+        reverse_dns: google-proxy-1-1-1-1.google.com.
+      Alert:
+        Whitelisted: true
+        Sources:
+          1.1.1.1:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 1.1.1.1
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 1.1.1.1
+        Alert:
+          capacity: 1
+          createdat: ""
+          decisions: []
+          events:
+          - meta:
+            - key: log_type
+              value: ssh_failed-auth
+            timestamp: "2020-11-10T15:01:29Z"
+          eventscount: 6
+          id: 0
+          labels: []
+          leakspeed: 10s
+          machineid: ""
+          message: ""
+          meta: []
+          remediation: true
+          scenario: crowdsecurity/ssh-bf
+          scenariohash: ""
+          scenarioversion: ""
+          simulated: false
+          source:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 1.1.1.1
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 1.1.1.1
+          startat: "0001-01-01T00:00:00Z"
+          stopat: "0001-01-01T00:00:00Z"
+      MarshaledTime: "0001-01-01T00:00:00Z"
+- s00-enrich:
+    "":
+      Type: 1
+      Stage: s01-whitelist
+      Enriched:
+        reverse_dns: foobar.googlebot.com.
+      Alert:
+        Sources:
+          1.1.1.1:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 1.1.1.1
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 1.1.1.1
+        Alert:
+          capacity: 1
+          createdat: ""
+          decisions: []
+          events:
+          - meta:
+            - key: log_type
+              value: ssh_failed-auth
+            timestamp: "2020-11-10T15:01:29Z"
+          eventscount: 6
+          id: 0
+          labels: []
+          leakspeed: 10s
+          machineid: ""
+          message: ""
+          meta: []
+          remediation: true
+          scenario: crowdsecurity/ssh-bf
+          scenariohash: ""
+          scenarioversion: ""
+          simulated: false
+          source:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 1.1.1.1
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 1.1.1.1
+          startat: "0001-01-01T00:00:00Z"
+          stopat: "0001-01-01T00:00:00Z"
+      MarshaledTime: "0001-01-01T00:00:00Z"
+  s01-whitelist:
+    crowdsecurity/seo-bots-whitelist:
+      Type: 1
+      Whitelisted: true
+      whitelist_reason: good bots (search engine crawlers)
+      Stage: s01-whitelist
+      Enriched:
+        reverse_dns: foobar.googlebot.com.
+      Alert:
+        Whitelisted: true
+        Sources:
+          1.1.1.1:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 1.1.1.1
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 1.1.1.1
+        Alert:
+          capacity: 1
+          createdat: ""
+          decisions: []
+          events:
+          - meta:
+            - key: log_type
+              value: ssh_failed-auth
+            timestamp: "2020-11-10T15:01:29Z"
+          eventscount: 6
+          id: 0
+          labels: []
+          leakspeed: 10s
+          machineid: ""
+          message: ""
+          meta: []
+          remediation: true
+          scenario: crowdsecurity/ssh-bf
+          scenariohash: ""
+          scenarioversion: ""
+          simulated: false
+          source:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 1.1.1.1
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 1.1.1.1
+          startat: "0001-01-01T00:00:00Z"
+          stopat: "0001-01-01T00:00:00Z"
+      MarshaledTime: "0001-01-01T00:00:00Z"
+- s00-enrich:
+    "":
+      Type: 1
+      Stage: s01-whitelist
+      Enriched:
+        reverse_dns: foobar.gagle.com.
+      Alert:
+        Sources:
+          1.1.1.1:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 1.1.1.1
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 1.1.1.1
+        Alert:
+          capacity: 1
+          createdat: ""
+          decisions: []
+          events:
+          - meta:
+            - key: log_type
+              value: ssh_failed-auth
+            timestamp: "2020-11-10T15:01:29Z"
+          eventscount: 6
+          id: 0
+          labels: []
+          leakspeed: 10s
+          machineid: ""
+          message: ""
+          meta: []
+          remediation: true
+          scenario: crowdsecurity/ssh-bf
+          scenariohash: ""
+          scenarioversion: ""
+          simulated: false
+          source:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 1.1.1.1
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 1.1.1.1
+          startat: "0001-01-01T00:00:00Z"
+          stopat: "0001-01-01T00:00:00Z"
+      MarshaledTime: "0001-01-01T00:00:00Z"
+  s01-whitelist:
+    crowdsecurity/seo-bots-whitelist:
+      Type: 1
+      Stage: s01-whitelist
+      Enriched:
+        reverse_dns: foobar.gagle.com.
+      Alert:
+        Sources:
+          1.1.1.1:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 1.1.1.1
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 1.1.1.1
+        Alert:
+          capacity: 1
+          createdat: ""
+          decisions: []
+          events:
+          - meta:
+            - key: log_type
+              value: ssh_failed-auth
+            timestamp: "2020-11-10T15:01:29Z"
+          eventscount: 6
+          id: 0
+          labels: []
+          leakspeed: 10s
+          machineid: ""
+          message: ""
+          meta: []
+          remediation: true
+          scenario: crowdsecurity/ssh-bf
+          scenariohash: ""
+          scenarioversion: ""
+          simulated: false
+          source:
+            asname: ""
+            asnumber: ""
+            cn: ""
+            ip: 1.1.1.1
+            latitude: 0
+            longitude: 0
+            range: ""
+            scope: Ip
+            value: 1.1.1.1
+          startat: "0001-01-01T00:00:00Z"
+          stopat: "0001-01-01T00:00:00Z"
+      MarshaledTime: "0001-01-01T00:00:00Z"
+finalresults:
+- Type: 1
+  Whitelisted: true
+  whitelist_reason: good bots (search engine crawlers)
+  Stage: s01-whitelist
+  Alert:
+    Whitelisted: true
+    Sources:
+      23.21.227.69:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 23.21.227.69
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 23.21.227.69
+    Alert:
+      capacity: 1
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: log_type
+          value: ssh_failed-auth
+        timestamp: "2020-11-10T15:01:29Z"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 23.21.227.69
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 23.21.227.69
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
+  Process: true
+- Type: 1
+  Stage: s01-whitelist
+  Alert:
+    Sources:
+      1.1.1.1:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+    Alert:
+      capacity: 1
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: log_type
+          value: ssh_failed-auth
+        timestamp: "2020-11-10T15:01:29Z"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
+  Process: true
+- Type: 1
+  Whitelisted: true
+  whitelist_reason: good bots (search engine crawlers)
+  Stage: s01-whitelist
+  Enriched:
+    reverse_dns: google-proxy-1-1-1-1.google.com.
+  Alert:
+    Whitelisted: true
+    Sources:
+      1.1.1.1:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+    Alert:
+      capacity: 1
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: log_type
+          value: ssh_failed-auth
+        timestamp: "2020-11-10T15:01:29Z"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
+  Process: true
+- Type: 1
+  Whitelisted: true
+  whitelist_reason: good bots (search engine crawlers)
+  Stage: s01-whitelist
+  Enriched:
+    reverse_dns: foobar.googlebot.com.
+  Alert:
+    Whitelisted: true
+    Sources:
+      1.1.1.1:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+    Alert:
+      capacity: 1
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: log_type
+          value: ssh_failed-auth
+        timestamp: "2020-11-10T15:01:29Z"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
+  Process: true
+- Type: 1
+  Stage: s01-whitelist
+  Enriched:
+    reverse_dns: foobar.gagle.com.
+  Alert:
+    Sources:
+      1.1.1.1:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+    Alert:
+      capacity: 1
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: log_type
+          value: ssh_failed-auth
+        timestamp: "2020-11-10T15:01:29Z"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
+  Process: true

diff --git a/postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.md b/postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.md
new file mode 100644 (file)
index 0000000..f34368b
--- /dev/null
+++ b/postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.md
@@ -0,0 +1,6 @@
+# CDNs whitelist
+
+CDNs whitelist based on following lists:
+* https://www.cloudflare.com/ips-v4
+
+It will whitelist overflows triggered on an IP in those lists
\ No newline at end of file

diff --git a/postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.yaml b/postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.yaml
new file mode 100644 (file)
index 0000000..c2a2a04
--- /dev/null
+++ b/postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.yaml
@@ -0,0 +1,10 @@
+name: crowdsecurity/cdn-whitelist
+description: "Whitelist CDN providers"
+whitelist:
+  reason: "CDN provider"
+  expression: 
+    - "any(File('cloudflare_ips.txt'), { IpInRange(evt.Overflow.Alert.Source.IP ,#)})"
+data:
+  - source_url: https://www.cloudflare.com/ips-v4
+    dest_file: cloudflare_ips.txt
+    type: string

diff --git a/postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.md b/postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.md
new file mode 100644 (file)
index 0000000..67aebd8
--- /dev/null
+++ b/postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.md
@@ -0,0 +1,11 @@
+# SEO Bots Whitelist
+
+Configuration based on `crowdsecurity/rdns` to whitelist following benign SEO bots:
+* duckduckBot
+* googlebot
+* yandex
+* bing
+* baidu
+* yahoo
+* pinterest
+* qwant

diff --git a/postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.yaml b/postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.yaml
new file mode 100644 (file)
index 0000000..23c39aa
--- /dev/null
+++ b/postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.yaml
@@ -0,0 +1,18 @@
+name: crowdsecurity/seo-bots-whitelist
+description: "Whitelist good search engine crawlers"
+whitelist:
+  reason: "good bots (search engine crawlers)"
+  expression: 
+    - "any(File('rdns_seo_bots.txt'), { len(#) > 0 && evt.Enriched.reverse_dns endsWith #})"
+    - "RegexpInFile(evt.Enriched.reverse_dns, 'rdns_seo_bots.regex')"
+    - "any(File('ip_seo_bots.txt'), { len(#) > 0 && IpInRange(evt.Overflow.Alert.Source.IP ,#)})"
+data:
+  - source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/whitelists/benign_bots/search_engine_crawlers/rdns_seo_bots.txt
+    dest_file: rdns_seo_bots.txt
+    type: string
+  - source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/whitelists/benign_bots/search_engine_crawlers/rnds_seo_bots.regex
+    dest_file: rdns_seo_bots.regex
+    type: regexp
+  - source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/whitelists/benign_bots/search_engine_crawlers/ip_seo_bots.txt
+    dest_file: ip_seo_bots.txt
+    type: string
\ No newline at end of file

diff --git a/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/bucket_input.yaml b/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/bucket_input.yaml
new file mode 100644 (file)
index 0000000..f05e6a5
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/bucket_input.yaml
@@ -0,0 +1,432 @@
+- Type: 1
+  Alert:
+    MapKey: 3cbe015437dac180af7767a997348e490c0e6300
+    Reprocess: true
+    Sources:
+      1.1.1.1:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+    Alert:
+      capacity: 5
+      createdat: ""
+      decisions: []
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
+- Type: 1
+  Alert:
+    MapKey: 3cbe015437dac180af7767a997348e490c0e6300
+    Reprocess: true
+    Sources:
+      1.1.1.2:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.2
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+    Alert:
+      capacity: 5
+      createdat: ""
+      decisions: []
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.2
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.2
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
+- Type: 1
+  Alert:
+    MapKey: 3cbe015437dac180af7767a997348e490c0e6300
+    Reprocess: true
+    Sources:
+      1.1.1.3:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.3
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+    Alert:
+      capacity: 5
+      createdat: ""
+      decisions: []
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.3
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.3
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
+- Type: 1
+  Alert:
+    MapKey: 3cbe015437dac180af7767a997348e490c0e6300
+    Reprocess: true
+    Sources:
+      1.1.1.4:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+    Alert:
+      capacity: 5
+      createdat: ""
+      decisions: []
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
+- Type: 1
+  Alert:
+    MapKey: 3cbe015437dac180af7767a997348e490c0e6300
+    Reprocess: true
+    Sources:
+      1.1.1.5:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.5
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+    Alert:
+      capacity: 5
+      createdat: ""
+      decisions: []
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.5
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.5
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
+- Type: 1
+  Alert:
+    MapKey: 3cbe015437dac180af7767a997348e490c0e6300
+    Reprocess: true
+    Sources:
+      1.1.1.6:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.6
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+    Alert:
+      capacity: 5
+      createdat: ""
+      decisions: []
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.6
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.6
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/bucket_results.yaml b/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/bucket_results.yaml
new file mode 100644 (file)
index 0000000..40cbe1f
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/bucket_results.yaml
@@ -0,0 +1,263 @@
+- Type: 1
+  Alert:
+    MapKey: 8a13f1184b0f0bc0b762f39e31a4e315288baf80
+    Sources:
+      1.1.1.1:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      1.1.1.2:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.2
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      1.1.1.3:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.3
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      1.1.1.4:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      1.1.1.5:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.5
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      1.1.1.6:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.6
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+    Alert:
+      capacity: 5
+      createdat: ""
+      decisions: []
+      events: []
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 1m0s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ban-defcon-drop_range
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      events: []
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 1m0s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ban-defcon-drop_range
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      events: []
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 1m0s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ban-defcon-drop_range
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.2
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      events: []
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 1m0s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ban-defcon-drop_range
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.3
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      events: []
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 1m0s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ban-defcon-drop_range
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      events: []
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 1m0s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ban-defcon-drop_range
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.5
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      events: []
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 1m0s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ban-defcon-drop_range
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.6
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Range
+        value: 1.1.1.0/24
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/config.yaml b/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/config.yaml
new file mode 100644 (file)
index 0000000..d13bf7a
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/config.yaml
@@ -0,0 +1,8 @@
+bucket_input: bucket_input.yaml                 #unused in our example
+bucket_results: bucket_results.yaml              #unused in our example
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - crowdsecurity/ban-defcon-drop_range

diff --git a/scenarios/crowdsecurity/.tests/dovecot-spam/bucket_input.yaml b/scenarios/crowdsecurity/.tests/dovecot-spam/bucket_input.yaml
new file mode 100644 (file)
index 0000000..0bfd9a2
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/dovecot-spam/bucket_input.yaml
@@ -0,0 +1,41 @@
+#these are the events we input into parser
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: dovecot_logs
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    dovecot_local_ip: 7.7.7.7
+    dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs)
+    dovecot_remote_ip: 4.4.4.4
+    dovecot_user: toto@toto.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: dovecot_logs
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    dovecot_local_ip: 7.7.7.7
+    dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs)
+    dovecot_remote_ip: 4.4.4.4
+    dovecot_user: toto@toto.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: dovecot_logs
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    dovecot_local_ip: 7.7.7.7
+    dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs)
+    dovecot_remote_ip: 4.4.4.4
+    dovecot_user: toto@toto.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: dovecot_logs
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    dovecot_local_ip: 7.7.7.7
+    dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs)
+    dovecot_remote_ip: 4.4.4.4
+    dovecot_user: toto@toto.com

diff --git a/scenarios/crowdsecurity/.tests/dovecot-spam/bucket_results.yaml b/scenarios/crowdsecurity/.tests/dovecot-spam/bucket_results.yaml
new file mode 100644 (file)
index 0000000..ba5b235
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/dovecot-spam/bucket_results.yaml
@@ -0,0 +1,137 @@
+- Type: 1
+  Alert:
+    MapKey: ffceb7be7e20b8e20db02b764cebc6ef3d351a1c
+    Sources:
+      8.8.8.8:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+    Alert:
+      capacity: 3
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: dovecot_logs
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: dovecot_logs
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: dovecot_logs
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: dovecot_logs
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 4
+      id: 0
+      labels: []
+      leakspeed: 6m0s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/dovecot-spam
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 3
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: dovecot_logs
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: dovecot_logs
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: dovecot_logs
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: dovecot_logs
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 4
+      id: 0
+      labels: []
+      leakspeed: 6m0s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/dovecot-spam
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/dovecot-spam/config.yaml b/scenarios/crowdsecurity/.tests/dovecot-spam/config.yaml
new file mode 100644 (file)
index 0000000..3a92438
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/dovecot-spam/config.yaml
@@ -0,0 +1,8 @@
+bucket_input: bucket_input.yaml                 #unused in our example
+bucket_results: bucket_results.yaml              #unused in our example
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - crowdsecurity/dovecot-spam

diff --git a/scenarios/crowdsecurity/.tests/http-backdoors-attempts/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-backdoors-attempts/bucket_input.yaml
new file mode 100644 (file)
index 0000000..6623a23
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-backdoors-attempts/bucket_input.yaml
@@ -0,0 +1,30 @@
+#this one won't trigger overflow (backdoors are the same)
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    request: c99.php
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    request: c99.php
+#this one will
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    request: c99.php
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    request: jspShell.jsp
\ No newline at end of file

diff --git a/scenarios/crowdsecurity/.tests/http-backdoors-attempts/bucket_result.yaml b/scenarios/crowdsecurity/.tests/http-backdoors-attempts/bucket_result.yaml
new file mode 100644 (file)
index 0000000..48c32e5
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-backdoors-attempts/bucket_result.yaml
@@ -0,0 +1,105 @@
+- Type: 1
+  Alert:
+    MapKey: a602b5cc97211993b68a64ba360e1697c93e677c
+    Sources:
+      1.1.1.1:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+    Alert:
+      capacity: 1
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 1.1.1.1
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 1.1.1.1
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 2
+      id: 0
+      labels: []
+      leakspeed: 5s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-backdoors-attempts
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 1
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 1.1.1.1
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 1.1.1.1
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 2
+      id: 0
+      labels: []
+      leakspeed: 5s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-backdoors-attempts
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/http-backdoors-attempts/config.yaml b/scenarios/crowdsecurity/.tests/http-backdoors-attempts/config.yaml
new file mode 100644 (file)
index 0000000..63be7ec
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-backdoors-attempts/config.yaml
@@ -0,0 +1,7 @@
+bucket_input: bucket_input.yaml     
+bucket_results: bucket_result.yaml 
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - crowdsecurity/http-backdoors-attempts

diff --git a/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_input.yaml
new file mode 100644 (file)
index 0000000..9740d46
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_input.yaml
@@ -0,0 +1,42 @@
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    http_user_agent: BacklinkCrawler
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    http_user_agent: BacklinkCrawler
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:51.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    http_user_agent: Sqlmap v1.1.1
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:51.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    http_user_agent: Sqlmap v1.1.1
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    http_user_agent: Turnitin
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    http_user_agent: Turnitin

diff --git a/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_results.yaml b/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_results.yaml
new file mode 100644 (file)
index 0000000..709526b
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_results.yaml
@@ -0,0 +1,105 @@
+- Type: 1
+  Alert:
+    MapKey: 25fa9229bd06e973b3e656d1cc9b0a093cb779d1
+    Sources:
+      8.8.8.8:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+    Alert:
+      capacity: 1
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 2
+      id: 0
+      labels: []
+      leakspeed: 1m0s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-bad-user-agent
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 1
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 2
+      id: 0
+      labels: []
+      leakspeed: 1m0s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-bad-user-agent
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/http-bad-user-agent/config.yaml b/scenarios/crowdsecurity/.tests/http-bad-user-agent/config.yaml
new file mode 100644 (file)
index 0000000..e83b52f
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-bad-user-agent/config.yaml
@@ -0,0 +1,8 @@
+bucket_input: bucket_input.yaml                 #unused in our example
+bucket_results: bucket_results.yaml              #unused in our example
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - crowdsecurity/http-bad-user-agent

diff --git a/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/bucket_input.yaml
new file mode 100644 (file)
index 0000000..2069710
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/bucket_input.yaml
@@ -0,0 +1,54 @@
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    file_name: wp-login.php
+    status: '200'
+    verb: "POST"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    file_name: wp-login.php
+    status: '200'
+    verb: "POST"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:51.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    file_name: wp-login.php
+    status: '200'
+    verb: "POST"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:51.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    file_name: wp-login.php
+    status: '200'
+    verb: "POST"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    file_name: wp-login.php
+    status: '200'
+    verb: "POST"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    file_name: wp-login.php
+    status: '200'
+    verb: "POST"

diff --git a/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/bucket_results.yaml b/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/bucket_results.yaml
new file mode 100644 (file)
index 0000000..404107d
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/bucket_results.yaml
@@ -0,0 +1,169 @@
+- Type: 1
+  Alert:
+    MapKey: 038a98a56c0d99467da6548b28c2bc74f3179534
+    Sources:
+      8.8.8.8:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+    Alert:
+      capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-bf-wordpress_bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-bf-wordpress_bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/config.yaml b/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/config.yaml
new file mode 100644 (file)
index 0000000..2601a00
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/config.yaml
@@ -0,0 +1,8 @@
+bucket_input: bucket_input.yaml
+bucket_results: bucket_results.yaml
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - crowdsecurity/http-bf-wordpress_bf

diff --git a/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/po_input.yaml b/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/po_input.yaml
new file mode 100644 (file)
index 0000000..d180dcf
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/po_input.yaml
@@ -0,0 +1,169 @@
+- Type: 1
+  Alert:
+    MapKey: cbe79d14d16ad4296f8396cd1983128eac4d5db1
+    Sources:
+      8.8.8.8:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+    Alert:
+      capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-bf-wordpress_bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-bf-wordpress_bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/http-crawl-non_statics/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-crawl-non_statics/bucket_input.yaml
new file mode 100644 (file)
index 0000000..71b9e9e
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-crawl-non_statics/bucket_input.yaml
@@ -0,0 +1,372 @@
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test1.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test2.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test3.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test4.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test5.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test6.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:51.52Z
+  Time: 2020-12-09T07:20:51.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test7.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:51.52Z
+  Time: 2020-12-09T07:20:51.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test8.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:51.52Z
+  Time: 2020-12-09T07:20:51.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test9.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:51.52Z
+  Time: 2020-12-09T07:20:51.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test10.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:51.52Z
+  Time: 2020-12-09T07:20:51.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test11.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:51.52Z
+  Time: 2020-12-09T07:20:51.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test12.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:51.52Z
+  Time: 2020-12-09T07:20:51.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test13.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:52.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test14.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:52.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test15.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:52.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test16.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:52.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test17.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:52.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test18.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:52.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test19.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:52.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test20.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:53.52Z
+  Time: 2020-12-09T07:20:53.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test21.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:53.52Z
+  Time: 2020-12-09T07:20:53.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test22.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:53.52Z
+  Time: 2020-12-09T07:20:53.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test23.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:53.52Z
+  Time: 2020-12-09T07:20:53.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test24.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:53.52Z
+  Time: 2020-12-09T07:20:53.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test25.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:53.52Z
+  Time: 2020-12-09T07:20:53.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test26.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:53.52Z
+  Time: 2020-12-09T07:20:53.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test27.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:53.52Z
+  Time: 2020-12-09T07:20:53.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test28.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:53.52Z
+  Time: 2020-12-09T07:20:53.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test29.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:54.52Z
+  Time: 2020-12-09T07:20:54.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test30.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:54.52Z
+  Time: 2020-12-09T07:20:54.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test31.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:54.52Z
+  Time: 2020-12-09T07:20:54.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test32.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:54.52Z
+  Time: 2020-12-09T07:20:54.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test33.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:54.52Z
+  Time: 2020-12-09T07:20:54.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test34.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:54.52Z
+  Time: 2020-12-09T07:20:54.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test123.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:55.52Z
+  Time: 2020-12-09T07:20:55.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test35.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:55.52Z
+  Time: 2020-12-09T07:20:55.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test36.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:55.52Z
+  Time: 2020-12-09T07:20:55.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test37.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:55.52Z
+  Time: 2020-12-09T07:20:55.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test38.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:55.52Z
+  Time: 2020-12-09T07:20:55.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test39.php
+    target_fqdn: www.test.com
+
+
+

diff --git a/scenarios/crowdsecurity/.tests/http-crawl-non_statics/bucket_results.yaml b/scenarios/crowdsecurity/.tests/http-crawl-non_statics/bucket_results.yaml
new file mode 100644 (file)
index 0000000..5aa2848
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-crawl-non_statics/bucket_results.yaml
@@ -0,0 +1,169 @@
+- Type: 1
+  Alert:
+    MapKey: 1968020eb846775e894942d1ea55cd3da1b24895
+    Sources:
+      8.8.8.8:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+    Alert:
+      capacity: 40
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:54.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:54.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      eventscount: 41
+      id: 0
+      labels: []
+      leakspeed: 500ms
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-crawl-non_statics
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 40
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:54.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:54.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      eventscount: 41
+      id: 0
+      labels: []
+      leakspeed: 500ms
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-crawl-non_statics
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/http-crawl-non_statics/config.yaml b/scenarios/crowdsecurity/.tests/http-crawl-non_statics/config.yaml
new file mode 100644 (file)
index 0000000..1738254
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-crawl-non_statics/config.yaml
@@ -0,0 +1,8 @@
+bucket_input: bucket_input.yaml                 #unused in our example
+bucket_results: bucket_results.yaml              #unused in our example
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - crowdsecurity/http-crawl-non_statics

diff --git a/scenarios/crowdsecurity/.tests/http-crawl-non_statics/po_input.yaml b/scenarios/crowdsecurity/.tests/http-crawl-non_statics/po_input.yaml
new file mode 100644 (file)
index 0000000..5aa2848
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-crawl-non_statics/po_input.yaml
@@ -0,0 +1,169 @@
+- Type: 1
+  Alert:
+    MapKey: 1968020eb846775e894942d1ea55cd3da1b24895
+    Sources:
+      8.8.8.8:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+    Alert:
+      capacity: 40
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:54.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:54.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      eventscount: 41
+      id: 0
+      labels: []
+      leakspeed: 500ms
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-crawl-non_statics
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 40
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:54.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:54.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:55.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:55.363532653+01:00"
+      eventscount: 41
+      id: 0
+      labels: []
+      leakspeed: 500ms
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-crawl-non_statics
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/http-generic-bf/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-generic-bf/bucket_input.yaml
new file mode 100644 (file)
index 0000000..bf41559
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-generic-bf/bucket_input.yaml
@@ -0,0 +1,100 @@
+- Meta:
+    service: http
+    source_ip: 8.8.8.8
+    sub_type: auth_fail
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    request: wp-login.php
+    status: '403'
+- Meta:
+    service: http
+    source_ip: 8.8.8.8
+    sub_type: auth_fail
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    request: wp-login.php
+    status: '403'
+- Meta:
+    service: http
+    source_ip: 8.8.8.8
+    sub_type: auth_fail
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    request: wp-login.php
+    status: '403'
+- Meta:
+    service: http
+    source_ip: 8.8.8.8
+    sub_type: auth_fail
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    request: wp-login.php
+    status: '403'
+- Meta:
+    service: http
+    source_ip: 8.8.8.8
+    sub_type: auth_fail
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    request: wp-login.php
+    status: '403'
+- Meta:
+    service: http
+    source_ip: 8.8.8.8
+    sub_type: auth_fail
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    request: wp-login.php
+    status: '403'
+# this one won't
+- Meta:
+    service: http
+    source_ip: 1.1.1.1
+    sub_type: auth_fail
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    request: wp-login.php
+    status: '403'
+- Meta:
+    service: http
+    source_ip: 1.1.1.1
+    sub_type: auth_fail
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    request: wp-login.php
+    status: '403'
+- Meta:
+    service: http
+    source_ip: 1.1.1.1
+    sub_type: auth_fail
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    request: wp-login.php
+    status: '403'
+- Meta:
+    service: http
+    source_ip: 1.1.1.1
+    sub_type: auth_fail
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    request: wp-login.php
+    status: '403'
+- Meta:
+    service: http
+    source_ip: 1.1.1.1
+    sub_type: auth_fail
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    request: wp-login.php
+    status: '403'
\ No newline at end of file

diff --git a/scenarios/crowdsecurity/.tests/http-generic-bf/bucket_result.yaml b/scenarios/crowdsecurity/.tests/http-generic-bf/bucket_result.yaml
new file mode 100644 (file)
index 0000000..dc6d0e6
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-generic-bf/bucket_result.yaml
@@ -0,0 +1,193 @@
+- Type: 1
+  Alert:
+    MapKey: a685cc1a6bc11cec7b6443c898a27604dec9a3e9
+    Sources:
+      8.8.8.8:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+    Alert:
+      capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        - key: sub_type
+          value: auth_fail
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        - key: sub_type
+          value: auth_fail
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        - key: sub_type
+          value: auth_fail
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        - key: sub_type
+          value: auth_fail
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        - key: sub_type
+          value: auth_fail
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        - key: sub_type
+          value: auth_fail
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-generic-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        - key: sub_type
+          value: auth_fail
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        - key: sub_type
+          value: auth_fail
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        - key: sub_type
+          value: auth_fail
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        - key: sub_type
+          value: auth_fail
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        - key: sub_type
+          value: auth_fail
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        - key: sub_type
+          value: auth_fail
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-generic-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/http-generic-bf/config.yaml b/scenarios/crowdsecurity/.tests/http-generic-bf/config.yaml
new file mode 100644 (file)
index 0000000..06b7219
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-generic-bf/config.yaml
@@ -0,0 +1,8 @@
+bucket_input: bucket_input.yaml
+bucket_results: bucket_result.yaml
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - crowdsecurity/http-generic-bf
\ No newline at end of file

diff --git a/scenarios/crowdsecurity/.tests/http-path-traversal-probing/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-path-traversal-probing/bucket_input.yaml
new file mode 100644 (file)
index 0000000..480e1e5
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-path-traversal-probing/bucket_input.yaml
@@ -0,0 +1,82 @@
+#will trigger
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    http_path: "/../1"
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    http_path: "/../2"
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    http_path: "/../3"
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    http_path: "/../4"
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+#won't trigger (same path)
+- Meta:
+    source_ip: 2.2.2.2
+    log_type: http_access-log
+    http_path: "/../FP"
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 2.2.2.2
+    log_type: http_access-log
+    http_path: "/../FP"
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 2.2.2.2
+    log_type: http_access-log
+    http_path: "/../FP"
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+- Meta:
+    source_ip: 2.2.2.2
+    log_type: http_access-log
+    http_path: "/../FP"
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com

diff --git a/scenarios/crowdsecurity/.tests/http-path-traversal-probing/bucket_result.yaml b/scenarios/crowdsecurity/.tests/http-path-traversal-probing/bucket_result.yaml
new file mode 100644 (file)
index 0000000..f81fe80
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-path-traversal-probing/bucket_result.yaml
@@ -0,0 +1,154 @@
+- Type: 1
+  Alert:
+    MapKey: 6f32710a2f629ca6ec59f8dfd16a0fed5a5bffe6
+    Reprocess: true
+    Sources:
+      1.1.1.1:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+    Alert:
+      capacity: 3
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: http_path
+          value: /../1
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 1.1.1.1
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: http_path
+          value: /../2
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 1.1.1.1
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: http_path
+          value: /../3
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 1.1.1.1
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: http_path
+          value: /../4
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 1.1.1.1
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 4
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-path-traversal-probing
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 3
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: http_path
+          value: /../1
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 1.1.1.1
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: http_path
+          value: /../2
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 1.1.1.1
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: http_path
+          value: /../3
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 1.1.1.1
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: http_path
+          value: /../4
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 1.1.1.1
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 4
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-path-traversal-probing
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.1.1.1
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.1.1.1
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/http-path-traversal-probing/config.yaml b/scenarios/crowdsecurity/.tests/http-path-traversal-probing/config.yaml
new file mode 100644 (file)
index 0000000..dc63817
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-path-traversal-probing/config.yaml
@@ -0,0 +1,8 @@
+bucket_input: bucket_input.yaml                 #unused in our example
+bucket_results: bucket_result.yaml              #unused in our example
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - crowdsecurity/http-path-traversal-probing

diff --git a/scenarios/crowdsecurity/.tests/http-probing/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-probing/bucket_input.yaml
new file mode 100644 (file)
index 0000000..06b1776
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-probing/bucket_input.yaml
@@ -0,0 +1,99 @@
+- Meta:
+    service: http
+    http_status: '404'
+    source_ip: 8.8.8.8
+    http_path: "admin.php"
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+- Meta:
+    service: http
+    http_status: '403'
+    source_ip: 8.8.8.8
+    http_path: ".git"
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+- Meta:
+    service: http
+    http_status: '403'
+    source_ip: 8.8.8.8
+    http_path: ".htaccess"
+    MarshaledTime: 2020-12-09T07:20:51.52Z
+  Time: 2020-12-09T07:20:51.363532653+01:00
+  Parsed:
+    static_ressource: false
+- Meta:
+    service: http
+    http_status: '404'
+    source_ip: 8.8.8.8
+    http_path: "099.php"
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:52.363532653+01:00
+  Parsed:
+    static_ressource: false
+- Meta:
+    service: http
+    http_status: '404'
+    source_ip: 8.8.8.8
+    http_path: "config.php"
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:52.363532653+01:00
+  Parsed:
+    static_ressource: false
+- Meta:
+    service: http
+    http_status: '404'
+    source_ip: 8.8.8.8
+    http_path: "db.php"
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:52.363532653+01:00
+  Parsed:
+    static_ressource: false
+- Meta:
+    service: http
+    http_status: '403'
+    source_ip: 8.8.8.8
+    http_path: "admin/index.php"
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:52.363532653+01:00
+  Parsed:
+    static_ressource: false
+- Meta:
+    service: http
+    http_status: '404'
+    source_ip: 8.8.8.8
+    http_path: "test.php"
+    MarshaledTime: 2020-12-09T07:20:53.52Z
+  Time: 2020-12-09T07:20:53.363532653+01:00
+  Parsed:
+    static_ressource: false
+- Meta:
+    service: http
+    http_status: '403'
+    source_ip: 8.8.8.8
+    http_path: "backup.db"
+    MarshaledTime: 2020-12-09T07:20:53.52Z
+  Time: 2020-12-09T07:20:53.363532653+01:00
+  Parsed:
+    static_ressource: false
+- Meta:
+    service: http
+    http_status: '404'
+    source_ip: 8.8.8.8
+    http_path: "backup.db.tgz"
+    MarshaledTime: 2020-12-09T07:20:53.52Z
+  Time: 2020-12-09T07:20:53.363532653+01:00
+  Parsed:
+    static_ressource: false
+- Meta:
+    service: http
+    http_status: '404'
+    source_ip: 8.8.8.8
+    http_path: "backup.db.zip"
+    MarshaledTime: 2020-12-09T07:20:53.52Z
+  Time: 2020-12-09T07:20:53.363532653+01:00
+  Parsed:
+    static_ressource: false
\ No newline at end of file

diff --git a/scenarios/crowdsecurity/.tests/http-probing/bucket_results.yaml b/scenarios/crowdsecurity/.tests/http-probing/bucket_results.yaml
new file mode 100644 (file)
index 0000000..130a93f
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-probing/bucket_results.yaml
@@ -0,0 +1,338 @@
+- Type: 1
+  Alert:
+    MapKey: 2c836db1e2dbcfd4bb280f49ea2b4e7610dfc426
+    Reprocess: true
+    Sources:
+      8.8.8.8:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+    Alert:
+      capacity: 10
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: http_path
+          value: admin.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: http_path
+          value: .git
+        - key: http_status
+          value: "403"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: http_path
+          value: .htaccess
+        - key: http_status
+          value: "403"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: http_path
+          value: 099.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: http_path
+          value: config.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: http_path
+          value: db.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: http_path
+          value: admin/index.php
+        - key: http_status
+          value: "403"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: http_path
+          value: test.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: http_path
+          value: backup.db
+        - key: http_status
+          value: "403"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: http_path
+          value: backup.db.tgz
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: http_path
+          value: backup.db.zip
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      eventscount: 11
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-probing
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 10
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: http_path
+          value: admin.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: http_path
+          value: .git
+        - key: http_status
+          value: "403"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: http_path
+          value: .htaccess
+        - key: http_status
+          value: "403"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: http_path
+          value: 099.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: http_path
+          value: config.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: http_path
+          value: db.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: http_path
+          value: admin/index.php
+        - key: http_status
+          value: "403"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: http_path
+          value: test.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: http_path
+          value: backup.db
+        - key: http_status
+          value: "403"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: http_path
+          value: backup.db.tgz
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: http_path
+          value: backup.db.zip
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      eventscount: 11
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-probing
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/http-probing/config.yaml b/scenarios/crowdsecurity/.tests/http-probing/config.yaml
new file mode 100644 (file)
index 0000000..5bc3f65
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-probing/config.yaml
@@ -0,0 +1,8 @@
+bucket_input: bucket_input.yaml                 #unused in our example
+bucket_results: bucket_results.yaml              #unused in our example
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - crowdsecurity/http-probing

diff --git a/scenarios/crowdsecurity/.tests/http-probing/po_input.yaml b/scenarios/crowdsecurity/.tests/http-probing/po_input.yaml
new file mode 100644 (file)
index 0000000..130a93f
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-probing/po_input.yaml
@@ -0,0 +1,338 @@
+- Type: 1
+  Alert:
+    MapKey: 2c836db1e2dbcfd4bb280f49ea2b4e7610dfc426
+    Reprocess: true
+    Sources:
+      8.8.8.8:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+    Alert:
+      capacity: 10
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: http_path
+          value: admin.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: http_path
+          value: .git
+        - key: http_status
+          value: "403"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: http_path
+          value: .htaccess
+        - key: http_status
+          value: "403"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: http_path
+          value: 099.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: http_path
+          value: config.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: http_path
+          value: db.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: http_path
+          value: admin/index.php
+        - key: http_status
+          value: "403"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: http_path
+          value: test.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: http_path
+          value: backup.db
+        - key: http_status
+          value: "403"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: http_path
+          value: backup.db.tgz
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: http_path
+          value: backup.db.zip
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      eventscount: 11
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-probing
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 10
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: http_path
+          value: admin.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: http_path
+          value: .git
+        - key: http_status
+          value: "403"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: http_path
+          value: .htaccess
+        - key: http_status
+          value: "403"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: http_path
+          value: 099.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: http_path
+          value: config.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: http_path
+          value: db.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: http_path
+          value: admin/index.php
+        - key: http_status
+          value: "403"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: http_path
+          value: test.php
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: http_path
+          value: backup.db
+        - key: http_status
+          value: "403"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: http_path
+          value: backup.db.tgz
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: http_path
+          value: backup.db.zip
+        - key: http_status
+          value: "404"
+        - key: service
+          value: http
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      eventscount: 11
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-probing
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/http-sensitive-files/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-sensitive-files/bucket_input.yaml
new file mode 100644 (file)
index 0000000..6f9b1ae
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-sensitive-files/bucket_input.yaml
@@ -0,0 +1,102 @@
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    request: /foobar.sql
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    request: /foobar.sql.gz
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    request: /foobar.sql.tar
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    request: /foobar.sql.bzip2
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    request: /foobar.sql.zip
+#this one won't
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    request: /foobar.sql.zip
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    request: /foobar.sql.zip
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    request: /foobar.sql.zip
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    request: /foobar.sql.zip
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    request: /foobar.sql.zip
+

diff --git a/scenarios/crowdsecurity/.tests/http-sensitive-files/bucket_results.yaml b/scenarios/crowdsecurity/.tests/http-sensitive-files/bucket_results.yaml
new file mode 100644 (file)
index 0000000..f34942f
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-sensitive-files/bucket_results.yaml
@@ -0,0 +1,153 @@
+- Type: 1
+  Alert:
+    MapKey: 8ab0744e663ec6c704e1a79c881f23c68975aa3e
+    Sources:
+      8.8.8.8:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+    Alert:
+      capacity: 4
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 5
+      id: 0
+      labels: []
+      leakspeed: 5s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-sensitive-files
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 4
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 5
+      id: 0
+      labels: []
+      leakspeed: 5s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-sensitive-files
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/http-sensitive-files/config.yaml b/scenarios/crowdsecurity/.tests/http-sensitive-files/config.yaml
new file mode 100644 (file)
index 0000000..ff72a7c
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-sensitive-files/config.yaml
@@ -0,0 +1,8 @@
+bucket_input: bucket_input.yaml               
+bucket_results: bucket_results.yaml          
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - crowdsecurity/http-sensitive-files

diff --git a/scenarios/crowdsecurity/.tests/http-sqli-probing/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-sqli-probing/bucket_input.yaml
new file mode 100644 (file)
index 0000000..798c70d
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-sqli-probing/bucket_input.yaml
@@ -0,0 +1,222 @@
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%281)"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%282)"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%283)"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%284)"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%285)"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%286)"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%287)"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%288)"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%289)"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%2810)"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%2811)"
+#this one won't (non distinct)
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%2811)"
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%2811)"
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%2811)"
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%2811)"
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%2811)"
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%2811)"
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%2811)"
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%2811)"
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%2811)"
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%2811)"
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "foobar=SLEEP%2811)"
+

diff --git a/scenarios/crowdsecurity/.tests/http-sqli-probing/bucket_results.yaml b/scenarios/crowdsecurity/.tests/http-sqli-probing/bucket_results.yaml
new file mode 100644 (file)
index 0000000..225365d
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-sqli-probing/bucket_results.yaml
@@ -0,0 +1,249 @@
+- Type: 1
+  Alert:
+    MapKey: 15f3bf22c6e11686b7d9e1fd0bc18a02e629dd27
+    Sources:
+      8.8.8.8:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+    Alert:
+      capacity: 10
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 11
+      id: 0
+      labels: []
+      leakspeed: 1s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-sqli-probbing-detection
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 10
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 11
+      id: 0
+      labels: []
+      leakspeed: 1s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-sqli-probbing-detection
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/http-sqli-probing/config.yaml b/scenarios/crowdsecurity/.tests/http-sqli-probing/config.yaml
new file mode 100644 (file)
index 0000000..52d0051
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-sqli-probing/config.yaml
@@ -0,0 +1,7 @@
+bucket_input: bucket_input.yaml                
+bucket_results: bucket_results.yaml             
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - crowdsecurity/http-sqli-probing

diff --git a/scenarios/crowdsecurity/.tests/http-xss-probing/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-xss-probing/bucket_input.yaml
new file mode 100644 (file)
index 0000000..3973177
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-xss-probing/bucket_input.yaml
@@ -0,0 +1,128 @@
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "<script 1"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "<script 2"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "<script 3"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "<script 4"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "<script 5"
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "<script 6"
+# this one won't trigger
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "<script"
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "<script"
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "<script"
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "<script"
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "<script"
+- Meta:
+    source_ip: 1.1.1.1
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    static_ressource: false
+    file_name: test.php
+    target_fqdn: www.test.com
+    http_args: "<script"
+
+
+
+
+
+
+

diff --git a/scenarios/crowdsecurity/.tests/http-xss-probing/bucket_results.yaml b/scenarios/crowdsecurity/.tests/http-xss-probing/bucket_results.yaml
new file mode 100644 (file)
index 0000000..c5bdc21
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-xss-probing/bucket_results.yaml
@@ -0,0 +1,169 @@
+- Type: 1
+  Alert:
+    MapKey: 3f3ed15f635a81c60a695da23e44baa88fc9ddda
+    Sources:
+      8.8.8.8:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+    Alert:
+      capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 1s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-xss-probbing
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 1s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/http-xss-probbing
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/http-xss-probing/config.yaml b/scenarios/crowdsecurity/.tests/http-xss-probing/config.yaml
new file mode 100644 (file)
index 0000000..958df71
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-xss-probing/config.yaml
@@ -0,0 +1,7 @@
+bucket_input: bucket_input.yaml                
+bucket_results: bucket_results.yaml             
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - crowdsecurity/http-xss-probing

diff --git a/scenarios/crowdsecurity/.tests/iptables-scan-multi_ports/bucket_input.yaml b/scenarios/crowdsecurity/.tests/iptables-scan-multi_ports/bucket_input.yaml
new file mode 100644 (file)
index 0000000..e4e3f1f
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/iptables-scan-multi_ports/bucket_input.yaml
@@ -0,0 +1,136 @@
+- Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 1.2.3.4
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    dst_port: 80
+- Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 1.2.3.4
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    dst_port: 81
+- Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 1.2.3.4
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    dst_port: 82
+- Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 1.2.3.4
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    dst_port: 83
+- Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 1.2.3.4
+    MarshaledTime: 2020-12-09T07:20:51.52Z
+  Time: 2020-12-09T07:20:51.363532653+01:00
+  Parsed:
+    dst_port: 84
+- Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 1.2.3.4
+    MarshaledTime: 2020-12-09T07:20:51.52Z
+  Time: 2020-12-09T07:20:51.363532653+01:00
+  Parsed:
+    dst_port: 85
+- Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 1.2.3.4
+    MarshaledTime: 2020-12-09T07:20:51.52Z
+  Time: 2020-12-09T07:20:51.363532653+01:00
+  Parsed:
+    dst_port: 86
+- Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 1.2.3.4
+    MarshaledTime: 2020-12-09T07:20:51.52Z
+  Time: 2020-12-09T07:20:51.363532653+01:00
+  Parsed:
+    dst_port: 87
+- Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 1.2.3.4
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:52.363532653+01:00
+  Parsed:
+    dst_port: 88
+- Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 1.2.3.4
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:52.363532653+01:00
+  Parsed:
+    dst_port: 89
+- Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 1.2.3.4
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:52.363532653+01:00
+  Parsed:
+    dst_port: 90
+- Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 1.2.3.4
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:52.363532653+01:00
+  Parsed:
+    dst_port: 91
+- Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 1.2.3.4
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:52.363532653+01:00
+  Parsed:
+    dst_port: 92
+- Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 1.2.3.4
+    MarshaledTime: 2020-12-09T07:20:53.52Z
+  Time: 2020-12-09T07:20:53.363532653+01:00
+  Parsed:
+    dst_port: 93
+- Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 1.2.3.4
+    MarshaledTime: 2020-12-09T07:20:53.52Z
+  Time: 2020-12-09T07:20:53.363532653+01:00
+  Parsed:
+    dst_port: 94
+- Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 1.2.3.4
+    MarshaledTime: 2020-12-09T07:20:53.52Z
+  Time: 2020-12-09T07:20:53.363532653+01:00
+  Parsed:
+    dst_port: 95
+- Meta:
+    log_type: iptables_drop
+    service: tcp
+    source_ip: 1.2.3.4
+    MarshaledTime: 2020-12-09T07:20:53.52Z
+  Time: 2020-12-09T07:20:53.363532653+01:00
+  Parsed:
+    dst_port: 96

diff --git a/scenarios/crowdsecurity/.tests/iptables-scan-multi_ports/bucket_results.yaml b/scenarios/crowdsecurity/.tests/iptables-scan-multi_ports/bucket_results.yaml
new file mode 100644 (file)
index 0000000..e19593a
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/iptables-scan-multi_ports/bucket_results.yaml
@@ -0,0 +1,393 @@
+- Type: 1
+  Alert:
+    MapKey: 3b3ebef68a4af025f479d517ddc1a69d4291aba5
+    Sources:
+      1.2.3.4:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.2.3.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.2.3.4
+    Alert:
+      capacity: 15
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      eventscount: 16
+      id: 0
+      labels: []
+      leakspeed: 5s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/iptables-scan-multi_ports
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.2.3.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.2.3.4
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 15
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      eventscount: 16
+      id: 0
+      labels: []
+      leakspeed: 5s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/iptables-scan-multi_ports
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.2.3.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.2.3.4
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/iptables-scan-multi_ports/config.yaml b/scenarios/crowdsecurity/.tests/iptables-scan-multi_ports/config.yaml
new file mode 100644 (file)
index 0000000..59d1d22
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/iptables-scan-multi_ports/config.yaml
@@ -0,0 +1,8 @@
+bucket_input: bucket_input.yaml                 #unused in our example
+bucket_results: bucket_results.yaml              #unused in our example
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - crowdsecurity/iptables-scan-multi_ports

diff --git a/scenarios/crowdsecurity/.tests/iptables-scan-multi_ports/po_input.yaml b/scenarios/crowdsecurity/.tests/iptables-scan-multi_ports/po_input.yaml
new file mode 100644 (file)
index 0000000..e19593a
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/iptables-scan-multi_ports/po_input.yaml
@@ -0,0 +1,393 @@
+- Type: 1
+  Alert:
+    MapKey: 3b3ebef68a4af025f479d517ddc1a69d4291aba5
+    Sources:
+      1.2.3.4:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.2.3.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.2.3.4
+    Alert:
+      capacity: 15
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      eventscount: 16
+      id: 0
+      labels: []
+      leakspeed: 5s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/iptables-scan-multi_ports
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.2.3.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.2.3.4
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 15
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:51.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:52.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:53.52Z"
+        - key: log_type
+          value: iptables_drop
+        - key: service
+          value: tcp
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:53.363532653+01:00"
+      eventscount: 16
+      id: 0
+      labels: []
+      leakspeed: 5s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/iptables-scan-multi_ports
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.2.3.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.2.3.4
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/mysql-bf/bucket_input.yaml b/scenarios/crowdsecurity/.tests/mysql-bf/bucket_input.yaml
new file mode 100644 (file)
index 0000000..8fb03f6
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/mysql-bf/bucket_input.yaml
@@ -0,0 +1,30 @@
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: mysql_failed_auth
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: mysql_failed_auth
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: mysql_failed_auth
+    MarshaledTime: 2020-12-09T07:20:51.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: mysql_failed_auth
+    MarshaledTime: 2020-12-09T07:20:51.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: mysql_failed_auth
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: mysql_failed_auth
+    MarshaledTime: 2020-12-09T07:20:52.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00

diff --git a/scenarios/crowdsecurity/.tests/mysql-bf/bucket_results.yaml b/scenarios/crowdsecurity/.tests/mysql-bf/bucket_results.yaml
new file mode 100644 (file)
index 0000000..b222c81
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/mysql-bf/bucket_results.yaml
@@ -0,0 +1,169 @@
+- Type: 1
+  Alert:
+    MapKey: b3edd18c9efa1fb914086fa32ea85731c0ad2462
+    Sources:
+      8.8.8.8:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+    Alert:
+      capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/mysql-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/mysql-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/mysql-bf/config.yaml b/scenarios/crowdsecurity/.tests/mysql-bf/config.yaml
new file mode 100644 (file)
index 0000000..62bc7a0
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/mysql-bf/config.yaml
@@ -0,0 +1,8 @@
+bucket_input: bucket_input.yaml                 #unused in our example
+bucket_results: bucket_results.yaml              #unused in our example
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - crowdsecurity/mysql-bf

diff --git a/scenarios/crowdsecurity/.tests/mysql-bf/po_input.yaml b/scenarios/crowdsecurity/.tests/mysql-bf/po_input.yaml
new file mode 100644 (file)
index 0000000..b222c81
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/mysql-bf/po_input.yaml
@@ -0,0 +1,169 @@
+- Type: 1
+  Alert:
+    MapKey: b3edd18c9efa1fb914086fa32ea85731c0ad2462
+    Sources:
+      8.8.8.8:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+    Alert:
+      capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/mysql-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:51.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:52.52Z"
+        - key: log_type
+          value: mysql_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/mysql-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/postfix-spam/bucket_input.yaml b/scenarios/crowdsecurity/.tests/postfix-spam/bucket_input.yaml
new file mode 100644 (file)
index 0000000..4a8d73a
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/postfix-spam/bucket_input.yaml
@@ -0,0 +1,48 @@
+- Meta:
+    source_ip: 1.2.3.4
+    log_type: postfix
+    log_type_enh: spam-attempt
+    action: reject
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 1.2.3.4
+    log_type: postfix
+    log_type_enh: spam-attempt
+    action: reject
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 1.2.3.4
+    log_type: postfix
+    log_type_enh: spam-attempt
+    action: reject
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 1.2.3.4
+    log_type: postfix
+    log_type_enh: spam-attempt
+    action: reject
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 1.2.3.4
+    log_type: postfix
+    log_type_enh: spam-attempt
+    action: reject
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 1.2.3.4
+    log_type: postfix
+    log_type_enh: spam-attempt
+    action: reject
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 1.2.3.4
+    service: postscreen
+    pregreet: PREGREET
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
\ No newline at end of file

diff --git a/scenarios/crowdsecurity/.tests/postfix-spam/bucket_result.yaml b/scenarios/crowdsecurity/.tests/postfix-spam/bucket_result.yaml
new file mode 100644 (file)
index 0000000..c91edfa
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/postfix-spam/bucket_result.yaml
@@ -0,0 +1,310 @@
+- Type: 1
+  Alert:
+    MapKey: 55e163dcf58e98f0a1eb77e5d34cb4f58ffcbd88
+    Sources:
+      1.2.3.4:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.2.3.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.2.3.4
+    Alert:
+      capacity: 0
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: pregreet
+          value: PREGREET
+        - key: service
+          value: postscreen
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 1
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/postscreen-rbl
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.2.3.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.2.3.4
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 0
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: pregreet
+          value: PREGREET
+        - key: service
+          value: postscreen
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 1
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/postscreen-rbl
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.2.3.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.2.3.4
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
+- Type: 1
+  Alert:
+    MapKey: 82dc038bcf4c8ab0a8604731d59427bd27994645
+    Sources:
+      1.2.3.4:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.2.3.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.2.3.4
+    Alert:
+      capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: action
+          value: reject
+        - key: log_type
+          value: postfix
+        - key: log_type_enh
+          value: spam-attempt
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: action
+          value: reject
+        - key: log_type
+          value: postfix
+        - key: log_type_enh
+          value: spam-attempt
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: action
+          value: reject
+        - key: log_type
+          value: postfix
+        - key: log_type_enh
+          value: spam-attempt
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: action
+          value: reject
+        - key: log_type
+          value: postfix
+        - key: log_type_enh
+          value: spam-attempt
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: action
+          value: reject
+        - key: log_type
+          value: postfix
+        - key: log_type_enh
+          value: spam-attempt
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: action
+          value: reject
+        - key: log_type
+          value: postfix
+        - key: log_type_enh
+          value: spam-attempt
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/postfix-spam
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.2.3.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.2.3.4
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: action
+          value: reject
+        - key: log_type
+          value: postfix
+        - key: log_type_enh
+          value: spam-attempt
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: action
+          value: reject
+        - key: log_type
+          value: postfix
+        - key: log_type_enh
+          value: spam-attempt
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: action
+          value: reject
+        - key: log_type
+          value: postfix
+        - key: log_type_enh
+          value: spam-attempt
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: action
+          value: reject
+        - key: log_type
+          value: postfix
+        - key: log_type_enh
+          value: spam-attempt
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: action
+          value: reject
+        - key: log_type
+          value: postfix
+        - key: log_type_enh
+          value: spam-attempt
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: action
+          value: reject
+        - key: log_type
+          value: postfix
+        - key: log_type_enh
+          value: spam-attempt
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/postfix-spam
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.2.3.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.2.3.4
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/postfix-spam/config.yaml b/scenarios/crowdsecurity/.tests/postfix-spam/config.yaml
new file mode 100644 (file)
index 0000000..f70b398
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/postfix-spam/config.yaml
@@ -0,0 +1,7 @@
+bucket_input: bucket_input.yaml     
+bucket_results: bucket_result.yaml 
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - crowdsecurity/postfix-spam

diff --git a/scenarios/crowdsecurity/.tests/smb-bf/bucket_input.yaml b/scenarios/crowdsecurity/.tests/smb-bf/bucket_input.yaml
new file mode 100644 (file)
index 0000000..ddd842a
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/smb-bf/bucket_input.yaml
@@ -0,0 +1,31 @@
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: smb_failed_auth
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    target_user: toto2
+    log_type: smb_failed_auth
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: smb_failed_auth
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: smb_failed_auth
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: smb_failed_auth
+    MarshaledTime: 2020-12-09T07:20:59.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: smb_failed_auth
+    MarshaledTime: 2020-12-09T07:20:59.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00

diff --git a/scenarios/crowdsecurity/.tests/smb-bf/bucket_results.yaml b/scenarios/crowdsecurity/.tests/smb-bf/bucket_results.yaml
new file mode 100644 (file)
index 0000000..557baf8
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/smb-bf/bucket_results.yaml
@@ -0,0 +1,173 @@
+- Type: 1
+  Alert:
+    MapKey: 8a23790153f618c90d3cd65a781e024546f76767
+    Sources:
+      8.8.8.8:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+    Alert:
+      capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: smb_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: smb_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto2
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: smb_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: smb_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:59.52Z"
+        - key: log_type
+          value: smb_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:59.52Z"
+        - key: log_type
+          value: smb_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/smb-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: smb_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: smb_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto2
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: smb_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: smb_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:59.52Z"
+        - key: log_type
+          value: smb_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:59.52Z"
+        - key: log_type
+          value: smb_failed_auth
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/smb-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/smb-bf/config.yaml b/scenarios/crowdsecurity/.tests/smb-bf/config.yaml
new file mode 100644 (file)
index 0000000..47beed7
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/smb-bf/config.yaml
@@ -0,0 +1,7 @@
+bucket_input: bucket_input.yaml                 #unused in our example
+bucket_results: bucket_results.yaml              #unused in our example
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - crowdsecurity/smb-bf

diff --git a/scenarios/crowdsecurity/.tests/ssh-bf/bucket_input.yaml b/scenarios/crowdsecurity/.tests/ssh-bf/bucket_input.yaml
new file mode 100644 (file)
index 0000000..8ef07ea
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/ssh-bf/bucket_input.yaml
@@ -0,0 +1,36 @@
+- Meta:
+    source_ip: 8.8.8.8
+    target_user: toto1
+    log_type: ssh_failed-auth
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    target_user: toto2
+    log_type: ssh_failed-auth
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    target_user: toto3
+    log_type: ssh_failed-auth
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    target_user: toto4
+    log_type: ssh_failed-auth
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    target_user: toto5
+    log_type: ssh_failed-auth
+    MarshaledTime: 2020-12-09T07:20:59.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    target_user: toto6
+    log_type: ssh_failed-auth
+    MarshaledTime: 2020-12-09T07:20:59.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00

diff --git a/scenarios/crowdsecurity/.tests/ssh-bf/bucket_results.yaml b/scenarios/crowdsecurity/.tests/ssh-bf/bucket_results.yaml
new file mode 100644 (file)
index 0000000..c7c0950
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/ssh-bf/bucket_results.yaml
@@ -0,0 +1,387 @@
+- Type: 1
+  Alert:
+    MapKey: 1521714fded239db03adad822f9a0e175f93bd53
+    Sources:
+      8.8.8.8:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+    Alert:
+      capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto1
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto2
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto3
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:59.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto5
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:59.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto6
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf_user-enum
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto1
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto2
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto3
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:59.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto5
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:59.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto6
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf_user-enum
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"
+- Type: 1
+  Alert:
+    MapKey: f7647bb8bafcc4fc98538544aa9c3ea2c834e1c8
+    Reprocess: true
+    Sources:
+      8.8.8.8:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+    Alert:
+      capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto1
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto2
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto3
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:59.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto5
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:59.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto6
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto1
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto2
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto3
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:59.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto5
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:59.52Z"
+        - key: log_type
+          value: ssh_failed-auth
+        - key: source_ip
+          value: 8.8.8.8
+        - key: target_user
+          value: toto6
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/ssh-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/ssh-bf/config.yaml b/scenarios/crowdsecurity/.tests/ssh-bf/config.yaml
new file mode 100644 (file)
index 0000000..c1f9948
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/ssh-bf/config.yaml
@@ -0,0 +1,8 @@
+bucket_input: bucket_input.yaml                 #unused in our example
+bucket_results: bucket_results.yaml              #unused in our example
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - crowdsecurity/ssh-bf

diff --git a/scenarios/crowdsecurity/.tests/telnet-bf/bucket_input.yaml b/scenarios/crowdsecurity/.tests/telnet-bf/bucket_input.yaml
new file mode 100644 (file)
index 0000000..f5ad4a4
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/telnet-bf/bucket_input.yaml
@@ -0,0 +1,31 @@
+#these are the events we input into parser
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: telnet_new_session
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: telnet_new_session
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: telnet_new_session
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: telnet_new_session
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: telnet_new_session
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 8.8.8.8
+    log_type: telnet_new_session
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00

diff --git a/scenarios/crowdsecurity/.tests/telnet-bf/bucket_results.yaml b/scenarios/crowdsecurity/.tests/telnet-bf/bucket_results.yaml
new file mode 100644 (file)
index 0000000..a3e21b7
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/telnet-bf/bucket_results.yaml
@@ -0,0 +1,169 @@
+- Type: 1
+  Alert:
+    MapKey: eed01022801d3dfc38d474e474ce716c9ef42aaf
+    Sources:
+      8.8.8.8:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+    Alert:
+      capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: telnet_new_session
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: telnet_new_session
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: telnet_new_session
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: telnet_new_session
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: telnet_new_session
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: telnet_new_session
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/telnet-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: telnet_new_session
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: telnet_new_session
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: telnet_new_session
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: telnet_new_session
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: telnet_new_session
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: telnet_new_session
+        - key: source_ip
+          value: 8.8.8.8
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/telnet-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 8.8.8.8
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 8.8.8.8
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/telnet-bf/config.yaml b/scenarios/crowdsecurity/.tests/telnet-bf/config.yaml
new file mode 100644 (file)
index 0000000..8b9a815
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/telnet-bf/config.yaml
@@ -0,0 +1,8 @@
+bucket_input: bucket_input.yaml                 #unused in our example
+bucket_results: bucket_results.yaml              #unused in our example
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - crowdsecurity/telnet-bf

diff --git a/scenarios/crowdsecurity/.tests/vsftpd-bf/bucket_input.yaml b/scenarios/crowdsecurity/.tests/vsftpd-bf/bucket_input.yaml
new file mode 100644 (file)
index 0000000..6512a4a
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/vsftpd-bf/bucket_input.yaml
@@ -0,0 +1,30 @@
+- Meta:
+    source_ip: 1.2.3.4
+    log_type: ftp_failed_auth
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 1.2.3.4
+    log_type: ftp_failed_auth
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 1.2.3.4
+    log_type: ftp_failed_auth
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 1.2.3.4
+    log_type: ftp_failed_auth
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 1.2.3.4
+    log_type: ftp_failed_auth
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+- Meta:
+    source_ip: 1.2.3.4
+    log_type: ftp_failed_auth
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
\ No newline at end of file

diff --git a/scenarios/crowdsecurity/.tests/vsftpd-bf/bucket_result.yaml b/scenarios/crowdsecurity/.tests/vsftpd-bf/bucket_result.yaml
new file mode 100644 (file)
index 0000000..4297ec1
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/vsftpd-bf/bucket_result.yaml
@@ -0,0 +1,169 @@
+- Type: 1
+  Alert:
+    MapKey: 685003545b71cb29063711acc8032fc27d1204b5
+    Sources:
+      1.2.3.4:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.2.3.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.2.3.4
+    Alert:
+      capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ftp_failed_auth
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ftp_failed_auth
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ftp_failed_auth
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ftp_failed_auth
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ftp_failed_auth
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ftp_failed_auth
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/vsftpd-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.2.3.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.2.3.4
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 5
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ftp_failed_auth
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ftp_failed_auth
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ftp_failed_auth
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ftp_failed_auth
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ftp_failed_auth
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: ftp_failed_auth
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 6
+      id: 0
+      labels: []
+      leakspeed: 10s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: crowdsecurity/vsftpd-bf
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.2.3.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.2.3.4
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/crowdsecurity/.tests/vsftpd-bf/config.yaml b/scenarios/crowdsecurity/.tests/vsftpd-bf/config.yaml
new file mode 100644 (file)
index 0000000..7158a48
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/vsftpd-bf/config.yaml
@@ -0,0 +1,7 @@
+bucket_input: bucket_input.yaml     
+bucket_results: bucket_result.yaml 
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - crowdsecurity/vsftpd-bf

diff --git a/scenarios/crowdsecurity/ban-defcon-drop_range.md b/scenarios/crowdsecurity/ban-defcon-drop_range.md
new file mode 100644 (file)
index 0000000..54f90ed
--- /dev/null
+++ b/scenarios/crowdsecurity/ban-defcon-drop_range.md
@@ -0,0 +1,3 @@
+Bans a range if more than 5 ips from said range are banned.
+
+Leakspeed of 1 minute, capacity of 5.

diff --git a/scenarios/crowdsecurity/ban-defcon-drop_range.yaml b/scenarios/crowdsecurity/ban-defcon-drop_range.yaml
new file mode 100644 (file)
index 0000000..e521665
--- /dev/null
+++ b/scenarios/crowdsecurity/ban-defcon-drop_range.yaml
@@ -0,0 +1,17 @@
+#TAP IT TWICE : if more than 5 unique IPs of a range are being banned, drop the range
+type: leaky
+#debug: true
+name: crowdsecurity/ban-defcon-drop_range
+description: "Ban a range if more than 5 ips from it are banned at a time"
+#it's an overflow from a scenario that triggered a remediation ;)
+filter: "evt.GetType() == 'overflow' && evt.Overflow.Alert.Remediation == true"
+groupby: "evt.Overflow.Alert.Source.Range"
+distinct: "evt.Overflow.Alert.Source.IP"
+capacity: 5
+leakspeed: "1m"
+blackhole: 5m
+labels:
+ remediation: true
+scope:
+ type: Range
+

diff --git a/scenarios/crowdsecurity/ban-report-ssh_bf_report.md b/scenarios/crowdsecurity/ban-report-ssh_bf_report.md
new file mode 100644 (file)
index 0000000..a8dfb90
--- /dev/null
+++ b/scenarios/crowdsecurity/ban-report-ssh_bf_report.md
@@ -0,0 +1 @@
+Count the number of unique ips that performed ssh_bruteforces, report every 10 minutes.

diff --git a/scenarios/crowdsecurity/ban-report-ssh_bf_report.yaml b/scenarios/crowdsecurity/ban-report-ssh_bf_report.yaml
new file mode 100644 (file)
index 0000000..3f26040
--- /dev/null
+++ b/scenarios/crowdsecurity/ban-report-ssh_bf_report.yaml
@@ -0,0 +1,10 @@
+type: counter
+name: crowdsecurity/ban-reports-ssh_bf_report
+description: "Count unique ips performing ssh bruteforce"
+#debug: true
+filter: "evt.Overflow.Alert.Scenario == 'ssh_bruteforce'"
+distinct: "evt.Overflow.Alert.Source.IP"
+capacity: -1
+duration: 10m
+labels:
+  service: ssh

diff --git a/scenarios/crowdsecurity/dovecot-spam.md b/scenarios/crowdsecurity/dovecot-spam.md
new file mode 100644 (file)
index 0000000..f72c6cc
--- /dev/null
+++ b/scenarios/crowdsecurity/dovecot-spam.md
@@ -0,0 +1,5 @@
+Spam detection for dovecot (capacity of 3 and leakspeed of 360s)
+
+- allows fail authentication attempt every 6 minutes with a burst of 3
+
+> Contribution by https://github.com/LtSich

diff --git a/scenarios/crowdsecurity/dovecot-spam.yaml b/scenarios/crowdsecurity/dovecot-spam.yaml
new file mode 100644 (file)
index 0000000..adb015d
--- /dev/null
+++ b/scenarios/crowdsecurity/dovecot-spam.yaml
@@ -0,0 +1,15 @@
+#contribution by @ltsich
+type: leaky
+name: crowdsecurity/dovecot-spam
+description: "detect errors on dovecot"
+debug: false
+# request with login != Login
+filter: "evt.Meta.log_type == 'dovecot_logs' && evt.Parsed.dovecot_login_result != 'Login'"
+groupby: evt.Meta.source_ip
+capacity: 3
+leakspeed: "360s"
+blackhole: 5m
+labels:
+ service: http
+ type: scan
+ remediation: true

diff --git a/scenarios/crowdsecurity/http-backdoors-attempts.md b/scenarios/crowdsecurity/http-backdoors-attempts.md
new file mode 100644 (file)
index 0000000..db0c8d0
--- /dev/null
+++ b/scenarios/crowdsecurity/http-backdoors-attempts.md
@@ -0,0 +1,18 @@
+Detect attempts to access common backdoors such as c99.php ...
+
+## Configuration
+
+This scenario will be trigger if an attacker requests a minimum of two differents file of [the list](https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/backdoors.txt)/
+
+Configuration:
+
+`distinct` : `evt.Parsed.request` (HTTP request URI)
+
+`leakspeed` : 5 secondes
+
+`group_by` : `evt.Meta.source_ip`
+
+
+### Data
+
+This scenario use the [following list backdoors.txt](https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/backdoors.txt) from [danielmiessler](https://github.com/danielmiessler/SecLists)
\ No newline at end of file

diff --git a/scenarios/crowdsecurity/http-backdoors-attempts.yaml b/scenarios/crowdsecurity/http-backdoors-attempts.yaml
new file mode 100644 (file)
index 0000000..fb7dfa8
--- /dev/null
+++ b/scenarios/crowdsecurity/http-backdoors-attempts.yaml
@@ -0,0 +1,18 @@
+type: leaky
+#debug: true
+name: crowdsecurity/http-backdoors-attempts
+description: "Detect attempt to common backdoors"
+filter: 'evt.Meta.log_type in ["http_access-log", "http_error-log"] and any(File("backdoors.txt"), { evt.Parsed.request contains #})'
+groupby: "evt.Meta.source_ip"
+distinct: evt.Parsed.request
+data:
+  - source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/backdoors.txt
+    dest_file: backdoors.txt
+    type: string
+capacity: 1
+leakspeed: 5s
+blackhole: 5m
+labels:
+  service: http
+  type: discovery
+  remediation: true

diff --git a/scenarios/crowdsecurity/http-bad-user-agent.md b/scenarios/crowdsecurity/http-bad-user-agent.md
new file mode 100644 (file)
index 0000000..173132f
--- /dev/null
+++ b/scenarios/crowdsecurity/http-bad-user-agent.md
@@ -0,0 +1,10 @@
+# Known bad user-agents
+
+Detect known bad user-agents.
+
+Bans after two requests.
+
+
+
+
+

diff --git a/scenarios/crowdsecurity/http-bad-user-agent.yaml b/scenarios/crowdsecurity/http-bad-user-agent.yaml
new file mode 100644 (file)
index 0000000..6c7baf3
--- /dev/null
+++ b/scenarios/crowdsecurity/http-bad-user-agent.yaml
@@ -0,0 +1,17 @@
+type: leaky
+format: 2.0
+#debug: true
+name: crowdsecurity/http-bad-user-agent
+description: "Detect bad user-agents"
+filter: 'evt.Meta.log_type in ["http_access-log", "http_error-log"] && any(File("bad_user_agents.txt"), {evt.Parsed.http_user_agent contains #})'
+data:
+  - source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/bad_user_agents.txt
+    dest_file: bad_user_agents.txt
+    type: string
+capacity: 1
+leakspeed: 1m
+groupby: "evt.Meta.source_ip"
+blackhole: 2m
+labels:
+  type: scan
+  remediation: true

diff --git a/scenarios/crowdsecurity/http-bf-wordpress_bf.md b/scenarios/crowdsecurity/http-bf-wordpress_bf.md
new file mode 100644 (file)
index 0000000..6afd0b7
--- /dev/null
+++ b/scenarios/crowdsecurity/http-bf-wordpress_bf.md
@@ -0,0 +1,4 @@
+Detects bruteforce on wordpress login page 'wp-login.php'.
+
+leakspeed of 10s, capacity of 5
+

diff --git a/scenarios/crowdsecurity/http-bf-wordpress_bf.yaml b/scenarios/crowdsecurity/http-bf-wordpress_bf.yaml
new file mode 100644 (file)
index 0000000..68f97d9
--- /dev/null
+++ b/scenarios/crowdsecurity/http-bf-wordpress_bf.yaml
@@ -0,0 +1,14 @@
+type: leaky
+name: crowdsecurity/http-bf-wordpress_bf
+description: "detect wordpress bruteforce"
+debug: false
+# failed auth on wp-login.php returns 200
+filter: "evt.Meta.log_type == 'http_access-log' && evt.Parsed.file_name == 'wp-login.php' && evt.Parsed.verb == 'POST'"
+groupby: evt.Meta.source_ip
+capacity: 5
+leakspeed: "10s"
+blackhole: 5m
+labels:
+ service: http
+ type: bruteforce
+ remediation: true
\ No newline at end of file

diff --git a/scenarios/crowdsecurity/http-crawl-non_statics.md b/scenarios/crowdsecurity/http-crawl-non_statics.md
new file mode 100644 (file)
index 0000000..f4a64a1
--- /dev/null
+++ b/scenarios/crowdsecurity/http-crawl-non_statics.md
@@ -0,0 +1,3 @@
+Detect crawl on non-static (jpg,css,js,etc.) http pages from a single ip.
+
+Leakspeed of 0.5s, capacity of 40

diff --git a/scenarios/crowdsecurity/http-crawl-non_statics.yaml b/scenarios/crowdsecurity/http-crawl-non_statics.yaml
new file mode 100644 (file)
index 0000000..419b85d
--- /dev/null
+++ b/scenarios/crowdsecurity/http-crawl-non_statics.yaml
@@ -0,0 +1,16 @@
+type: leaky
+name: crowdsecurity/http-crawl-non_statics
+description: "Detect aggressive crawl from single ip"
+filter: "evt.Meta.log_type in ['http_access-log', 'http_error-log'] && evt.Parsed.static_ressource == 'false'"
+distinct: "evt.Parsed.file_name"
+leakspeed: 0.5s
+capacity: 40
+#debug: true
+#this limits the memory cache (and event_sequences in output) to five events
+cache_size: 5
+groupby: "evt.Meta.source_ip + '/' + evt.Parsed.target_fqdn"
+blackhole: 1m
+labels:
+ service: http
+ type: crawl
+ remediation: true

diff --git a/scenarios/crowdsecurity/http-generic-bf.md b/scenarios/crowdsecurity/http-generic-bf.md
new file mode 100644 (file)
index 0000000..3058e9f
--- /dev/null
+++ b/scenarios/crowdsecurity/http-generic-bf.md
@@ -0,0 +1,3 @@
+Alert when a single IP that try to bruteforce http basic auth.
+
+Leakspeed of 10s, capacity of 5.

diff --git a/scenarios/crowdsecurity/http-generic-bf.yaml b/scenarios/crowdsecurity/http-generic-bf.yaml
new file mode 100644 (file)
index 0000000..977ac99
--- /dev/null
+++ b/scenarios/crowdsecurity/http-generic-bf.yaml
@@ -0,0 +1,14 @@
+# 404 scan
+type: leaky
+#debug: true
+name: crowdsecurity/http-generic-bf
+description: "Detect generic http brute force"
+filter: "evt.Meta.service == 'http' && evt.Meta.sub_type == 'auth_fail'"
+groupby: evt.Meta.source_ip
+capacity: 5
+leakspeed: "10s"
+blackhole: 1m
+labels:
+ service: http
+ type: bf
+ remediation: true

diff --git a/scenarios/crowdsecurity/http-path-traversal-probing.md b/scenarios/crowdsecurity/http-path-traversal-probing.md
new file mode 100644 (file)
index 0000000..f3a933e
--- /dev/null
+++ b/scenarios/crowdsecurity/http-path-traversal-probing.md
@@ -0,0 +1,5 @@
+The http path traversal probing scenario aims at detecting, with very little false positive chances, path traversal probing attempts.
+
+Path traversal attempts will be detected with the presence of specific path manipulation patterns in the URI or the `GET` parameter such as `../` , `%2Fetc%2Fpasswd` ...
+
+:warning: This scenario is _not_ a WAF and this scenario does _not_ aims at replacing a WAF.
\ No newline at end of file

diff --git a/scenarios/crowdsecurity/http-path-traversal-probing.yaml b/scenarios/crowdsecurity/http-path-traversal-probing.yaml
new file mode 100644 (file)
index 0000000..642aba3
--- /dev/null
+++ b/scenarios/crowdsecurity/http-path-traversal-probing.yaml
@@ -0,0 +1,20 @@
+# path traversal probing
+type: leaky
+#debug: true
+name: crowdsecurity/http-path-traversal-probing
+description: "Detect path traversal attempt"
+filter: "evt.Meta.log_type in ['http_access-log', 'http_error-log'] && any(File('http_path_traversal.txt'),{evt.Meta.http_path contains #})"
+data:
+  - source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/path_traversal.txt
+    dest_file: http_path_traversal.txt
+    type: string
+groupby: "evt.Meta.source_ip"
+distinct: "evt.Meta.http_path"
+capacity: 3
+reprocess: true
+leakspeed: 10s
+blackhole: 2m
+labels:
+ service: http
+ type: scan
+ remediation: true

diff --git a/scenarios/crowdsecurity/http-probing.md b/scenarios/crowdsecurity/http-probing.md
new file mode 100644 (file)
index 0000000..650a13c
--- /dev/null
+++ b/scenarios/crowdsecurity/http-probing.md
@@ -0,0 +1,3 @@
+Take remediation against a single IP that requires multiple different (http path) pages that end up in 404/403/400.
+
+Leakspeed of 10s, capacity of 10.

diff --git a/scenarios/crowdsecurity/http-probing.yaml b/scenarios/crowdsecurity/http-probing.yaml
new file mode 100644 (file)
index 0000000..7fe7a19
--- /dev/null
+++ b/scenarios/crowdsecurity/http-probing.yaml
@@ -0,0 +1,16 @@
+# 404 scan
+type: leaky
+#debug: true
+name: crowdsecurity/http-probing
+description: "Detect site scanning/probing from a single ip"
+filter: "evt.Meta.service == 'http' && evt.Meta.http_status in ['404', '403', '400'] && evt.Parsed.static_ressource == 'false'"
+groupby: "evt.Meta.source_ip + '/' + evt.Parsed.target_fqdn"
+distinct: "evt.Meta.http_path"
+capacity: 10
+reprocess: true
+leakspeed: "10s"
+blackhole: 5m
+labels:
+ service: http
+ type: scan
+ remediation: true

diff --git a/scenarios/crowdsecurity/http-sensitive-files.md b/scenarios/crowdsecurity/http-sensitive-files.md
new file mode 100644 (file)
index 0000000..a4ec297
--- /dev/null
+++ b/scenarios/crowdsecurity/http-sensitive-files.md
@@ -0,0 +1,6 @@
+# HTTP Sensitive files
+
+Detect tentative of dangerous file scanning such as logs file, database backup, zip archive etc ...
+
+### Rule
+More than 3 access to sensitive files in [this list](https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/sensitive_data.txt)
\ No newline at end of file

diff --git a/scenarios/crowdsecurity/http-sensitive-files.yaml b/scenarios/crowdsecurity/http-sensitive-files.yaml
new file mode 100644 (file)
index 0000000..823b8c2
--- /dev/null
+++ b/scenarios/crowdsecurity/http-sensitive-files.yaml
@@ -0,0 +1,19 @@
+type: leaky
+format: 2.0
+#debug: true
+name: crowdsecurity/http-sensitive-files
+description: "Detect attempt to access to sensitive files (.log, .db ..) or folders (.git)"
+filter: 'evt.Meta.log_type in ["http_access-log", "http_error-log"] and any(File("sensitive_data.txt"), { evt.Parsed.request endsWith #})'
+groupby: "evt.Meta.source_ip"
+distinct: evt.Parsed.request
+data:
+  - source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/sensitive_data.txt
+    dest_file: sensitive_data.txt
+    type: string
+capacity: 4
+leakspeed: 5s
+blackhole: 5m
+labels:
+  service: http
+  type: discovery
+  remediation: true

diff --git a/scenarios/crowdsecurity/http-sqli-probing.md b/scenarios/crowdsecurity/http-sqli-probing.md
new file mode 100644 (file)
index 0000000..3a92db4
--- /dev/null
+++ b/scenarios/crowdsecurity/http-sqli-probing.md
@@ -0,0 +1,12 @@
+The http sqli probing scenario aims at detecting, with very little false positive chances, SQL injection probing attempts.
+
+SQL injection probing attempts will be characterized by the presence of specific SQL-related patterns in uri/GET arguments (if and when this is where the injected parameter is), and this is what this scenario detects.
+
+
+The [word list](https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/sqli_probe_patterns.txt) is picked specifically to limit false positives.
+Furthermore, a `distinct` directive is present on the get parameters themselves to reduce false positive chances.
+
+You can test the behavior of the scenario by launching the excellent [sqlmap](https://sqlmap.org) on one of your pages.
+
+**WARNING** This scenario is _not_ a WAF, and this scenario does _not_ aims at replacing a WAF. A motivated attacker with knowledge of crowdsec will be able to bypass it. It is mostly meant to be a way to detect generic SQL injection probing such as performed by open-source or commercial scanners.
+

diff --git a/scenarios/crowdsecurity/http-sqli-probing.yaml b/scenarios/crowdsecurity/http-sqli-probing.yaml
new file mode 100644 (file)
index 0000000..bb18152
--- /dev/null
+++ b/scenarios/crowdsecurity/http-sqli-probing.yaml
@@ -0,0 +1,20 @@
+type: leaky
+#requires at least 2.0 because it's using the 'data' section and the 'Upper' expr helper
+format: 2.0
+name: crowdsecurity/http-sqli-probbing-detection
+data:
+  - source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/sqli_probe_patterns.txt
+    dest_file: sqli_probe_patterns.txt
+    type: string
+description: "A scenario that detects SQL injection probing with minimal false positives"
+filter: "evt.Meta.log_type in ['http_access-log', 'http_error-log'] && any(File('sqli_probe_patterns.txt'), {Upper(evt.Parsed.http_args) contains Upper(#)})"
+groupby: evt.Meta.source_ip
+capacity: 10
+leakspeed: 1s
+blackhole: 5m
+#low false positives approach : we require distinct payloads to avoid false positives
+distinct: evt.Parsed.http_args
+labels:
+  service: http
+  type: sqli_probing
+  remediation: true

diff --git a/scenarios/crowdsecurity/http-xss-probing.md b/scenarios/crowdsecurity/http-xss-probing.md
new file mode 100644 (file)
index 0000000..046d199
--- /dev/null
+++ b/scenarios/crowdsecurity/http-xss-probing.md
@@ -0,0 +1,10 @@
+The http XSS probing scenario aims at detecting, with very little false positive chances, XSS probing attempts.
+
+XSS probing attempts will be characterized by the presence of specific XSS related patterns in uri/GET arguments (if and when this is where the injected parameter is), and this is what this scenario detects.
+
+
+The [word list](https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/xss_probe_patterns.txt) is picked specifically to limit false positives.
+Furthermore, a `distinct` directive is present on the get parameters themselves to reduce false positive chances.
+
+
+**WARNING** This scenario is _not_ a WAF, and this scenario does _not_ aims at replacing a WAF. A motivated attacker with knowledge of crowdsec will be able to bypass it. It is mostly meant to be a way to detect generic XSS probing.

diff --git a/scenarios/crowdsecurity/http-xss-probing.yaml b/scenarios/crowdsecurity/http-xss-probing.yaml
new file mode 100644 (file)
index 0000000..058593d
--- /dev/null
+++ b/scenarios/crowdsecurity/http-xss-probing.yaml
@@ -0,0 +1,20 @@
+type: leaky
+#requires at least 2.0 because it's using the 'data' section and the 'Upper' expr helper
+format: 2.0
+name: crowdsecurity/http-xss-probbing
+data:
+  - source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/xss_probe_patterns.txt
+    dest_file: xss_probe_patterns.txt
+    type: string
+description: "A scenario that detects XSS probing with minimal false positives"
+filter: "evt.Meta.log_type in ['http_access-log', 'http_error-log'] && any(File('xss_probe_patterns.txt'), {Upper(evt.Parsed.http_args) contains Upper(#)})"
+groupby: evt.Meta.source_ip
+capacity: 5
+leakspeed: 1s
+blackhole: 5m
+#low false positives approach : we require distinct payloads to avoid false positives
+distinct: evt.Parsed.http_args
+labels:
+  service: http
+  type: xss_probing
+  remediation: true

diff --git a/scenarios/crowdsecurity/iptables-scan-multi_ports.md b/scenarios/crowdsecurity/iptables-scan-multi_ports.md
new file mode 100644 (file)
index 0000000..186ad5c
--- /dev/null
+++ b/scenarios/crowdsecurity/iptables-scan-multi_ports.md
@@ -0,0 +1,3 @@
+Detects a port scan : detects if a single IP attempts connection to many different ports.
+
+Leakspeed of 5s, capacity of 15.

diff --git a/scenarios/crowdsecurity/iptables-scan-multi_ports.yaml b/scenarios/crowdsecurity/iptables-scan-multi_ports.yaml
new file mode 100644 (file)
index 0000000..4225fc0
--- /dev/null
+++ b/scenarios/crowdsecurity/iptables-scan-multi_ports.yaml
@@ -0,0 +1,14 @@
+type: leaky
+name: crowdsecurity/iptables-scan-multi_ports
+description: "ban IPs that are scanning us"
+filter: "evt.Meta.log_type == 'iptables_drop' && evt.Meta.service == 'tcp'"
+groupby: evt.Meta.source_ip
+distinct: evt.Parsed.dst_port
+capacity: 15
+leakspeed: 5s
+blackhole: 1m
+labels:
+  service: tcp
+  type: scan
+  remediation: true
+

diff --git a/scenarios/crowdsecurity/modsecurity.md b/scenarios/crowdsecurity/modsecurity.md
new file mode 100644 (file)
index 0000000..84a645f
--- /dev/null
+++ b/scenarios/crowdsecurity/modsecurity.md
@@ -0,0 +1 @@
+Take a remediation against an IP that trigger a modsecurity rule with a `CRITICAL` severity.

diff --git a/scenarios/crowdsecurity/modsecurity.yaml b/scenarios/crowdsecurity/modsecurity.yaml
new file mode 100644 (file)
index 0000000..403ca2b
--- /dev/null
+++ b/scenarios/crowdsecurity/modsecurity.yaml
@@ -0,0 +1,11 @@
+type: trigger
+#debug: true
+name: crowdsecurity/modsecurity
+description: "Web exploitation via modsecurity"
+filter: evt.Parsed.ruleseverity == 'CRITICAL'
+blackhole: 2m
+labels:
+  type: web_attack
+  service: http
+  remediation: true
+  scope: ip

diff --git a/scenarios/crowdsecurity/mysql-bf.md b/scenarios/crowdsecurity/mysql-bf.md
new file mode 100644 (file)
index 0000000..3160fd1
--- /dev/null
+++ b/scenarios/crowdsecurity/mysql-bf.md
@@ -0,0 +1,3 @@
+Detect seveal failed mysql authentications.
+
+leakspeed of 10s, capacity of 3

diff --git a/scenarios/crowdsecurity/mysql-bf.yaml b/scenarios/crowdsecurity/mysql-bf.yaml
new file mode 100644 (file)
index 0000000..e10fff0
--- /dev/null
+++ b/scenarios/crowdsecurity/mysql-bf.yaml
@@ -0,0 +1,14 @@
+# mysql bruteforce
+type: leaky
+#debug: true
+name: crowdsecurity/mysql-bf
+description: "Detect mysql bruteforce"
+filter: evt.Meta.log_type == 'mysql_failed_auth'
+leakspeed: "10s"
+capacity: 5
+groupby: evt.Meta.source_ip
+blackhole: 5m
+labels:
+ service: mysql
+ type: bruteforce
+ remediation: true

diff --git a/scenarios/crowdsecurity/naxsi-exploit-vpatch.md b/scenarios/crowdsecurity/naxsi-exploit-vpatch.md
new file mode 100644 (file)
index 0000000..9fec38e
--- /dev/null
+++ b/scenarios/crowdsecurity/naxsi-exploit-vpatch.md
@@ -0,0 +1,3 @@
+Detects naxsi blocked requests on custom (>9999) rules.
+
+Triggers on first request.

diff --git a/scenarios/crowdsecurity/naxsi-exploit-vpatch.yaml b/scenarios/crowdsecurity/naxsi-exploit-vpatch.yaml
new file mode 100644 (file)
index 0000000..c4bc737
--- /dev/null
+++ b/scenarios/crowdsecurity/naxsi-exploit-vpatch.yaml
@@ -0,0 +1,12 @@
+# naxsi vpatch rules detection
+type: trigger
+name: crowdsecurity/naxsi-exploit-vpatch
+# id is bigger than 9k, custom rule
+description: "Detect custom blacklist triggered in naxsi"
+filter: "evt.Meta.log_type == 'waf_naxsi-log' && len(evt.Parsed.naxsi_id) > 4"
+groupby: "evt.Meta.source_ip"
+blackhole: 5m
+labels:
+ service: http
+ type: scan
+ remediation: true

diff --git a/scenarios/crowdsecurity/postfix-spam.md b/scenarios/crowdsecurity/postfix-spam.md
new file mode 100644 (file)
index 0000000..8735b32
--- /dev/null
+++ b/scenarios/crowdsecurity/postfix-spam.md
@@ -0,0 +1,5 @@
+Contains multiple scenarios:
+
+- crowdsecurity/postfix-spam: postfix scenario bruteforce spam attempt (leakspeed of 10s with a capacity of 5)
+- crowdsecurity/postscreen-rbl: postscreen rb attempt blacklist (capacity of 0)
+

diff --git a/scenarios/crowdsecurity/postfix-spam.yaml b/scenarios/crowdsecurity/postfix-spam.yaml
new file mode 100644 (file)
index 0000000..790128f
--- /dev/null
+++ b/scenarios/crowdsecurity/postfix-spam.yaml
@@ -0,0 +1,33 @@
+# postfix spam
+type: leaky
+name: crowdsecurity/postfix-spam
+description: "Detect spammers"
+filter: "evt.Meta.log_type_enh == 'spam-attempt' || evt.Meta.log_type == 'postfix' && evt.Meta.action == 'reject'"
+leakspeed: "10s"
+references:
+  - https://en.wikipedia.org/wiki/Spamming
+capacity: 5
+groupby: evt.Meta.source_ip
+blackhole: 1m
+reprocess: false
+labels:
+ service: postfix
+ type: bruteforce
+ remediation: true
+---
+# postfix spam
+type: trigger
+name: crowdsecurity/postscreen-rbl
+description: "Detect spammers"
+filter: "evt.Meta.service == 'postscreen' && evt.Meta.pregreet == 'PREGREET'"
+leakspeed: "10s"
+references:
+  - https://en.wikipedia.org/wiki/Spamming
+groupby: evt.Meta.source_ip
+blackhole: 1m
+reprocess: false
+labels:
+ service: postscreen
+ type: bruteforce
+ remediation: true
+

diff --git a/scenarios/crowdsecurity/smb-bf.md b/scenarios/crowdsecurity/smb-bf.md
new file mode 100644 (file)
index 0000000..d585146
--- /dev/null
+++ b/scenarios/crowdsecurity/smb-bf.md
@@ -0,0 +1 @@
+tracks failed samba authentications.

diff --git a/scenarios/crowdsecurity/smb-bf.yaml b/scenarios/crowdsecurity/smb-bf.yaml
new file mode 100644 (file)
index 0000000..f12c75a
--- /dev/null
+++ b/scenarios/crowdsecurity/smb-bf.yaml
@@ -0,0 +1,13 @@
+# smb bruteforce
+type: leaky
+name: crowdsecurity/smb-bf
+description: "Detect smb bruteforce"
+filter: evt.Meta.log_type == 'smb_failed_auth'
+leakspeed: "10s"
+capacity: 5
+groupby: evt.Meta.source_ip
+blackhole: 5m
+labels:
+ service: smb
+ type: bruteforce
+ remediation: true
\ No newline at end of file

diff --git a/scenarios/crowdsecurity/ssh-bf.md b/scenarios/crowdsecurity/ssh-bf.md
new file mode 100644 (file)
index 0000000..080c8fc
--- /dev/null
+++ b/scenarios/crowdsecurity/ssh-bf.md
@@ -0,0 +1,5 @@
+Detect failed ssh authentications :
+
+ - leakspeed of 10s, capacity of 5 on same target user
+ - leakspeed of 10s, capacity of 5 unique distinct users
+ 

diff --git a/scenarios/crowdsecurity/ssh-bf.yaml b/scenarios/crowdsecurity/ssh-bf.yaml
new file mode 100644 (file)
index 0000000..7b350e4
--- /dev/null
+++ b/scenarios/crowdsecurity/ssh-bf.yaml
@@ -0,0 +1,32 @@
+# ssh bruteforce
+type: leaky
+name: crowdsecurity/ssh-bf
+description: "Detect ssh bruteforce"
+filter: "evt.Meta.log_type == 'ssh_failed-auth'"
+leakspeed: "10s"
+references:
+  - http://wikipedia.com/ssh-bf-is-bad
+capacity: 5
+groupby: evt.Meta.source_ip
+blackhole: 1m
+reprocess: true
+labels:
+ service: ssh
+ type: bruteforce
+ remediation: true
+---
+# ssh user-enum
+type: leaky
+name: crowdsecurity/ssh-bf_user-enum
+description: "Detect ssh user enum bruteforce"
+filter: evt.Meta.log_type == 'ssh_failed-auth'
+groupby: evt.Meta.source_ip
+distinct: evt.Meta.target_user
+leakspeed: 10s
+capacity: 5
+blackhole: 1m
+labels:
+ service: ssh
+ type: bruteforce
+ remediation: true
+

diff --git a/scenarios/crowdsecurity/telnet-bf.md b/scenarios/crowdsecurity/telnet-bf.md
new file mode 100644 (file)
index 0000000..9d354d5
--- /dev/null
+++ b/scenarios/crowdsecurity/telnet-bf.md
@@ -0,0 +1,4 @@
+## Detect Telnet bruteforce attack.
+
+### Rule
+leakspeed of 10s, capacity of 5
\ No newline at end of file

diff --git a/scenarios/crowdsecurity/telnet-bf.yaml b/scenarios/crowdsecurity/telnet-bf.yaml
new file mode 100644 (file)
index 0000000..ac58031
--- /dev/null
+++ b/scenarios/crowdsecurity/telnet-bf.yaml
@@ -0,0 +1,12 @@
+type: leaky
+name: crowdsecurity/telnet-bf
+description: "detect telnet bruteforce"
+filter: evt.Meta.log_type == 'telnet_new_session'
+groupby: evt.Meta.source_ip
+capacity: 5
+leakspeed: "10s"
+blackhole: 5m
+labels:
+ service: telnet
+ type: bruteforce
+ remediation: true
\ No newline at end of file

diff --git a/scenarios/crowdsecurity/vsftpd-bf.md b/scenarios/crowdsecurity/vsftpd-bf.md
new file mode 100644 (file)
index 0000000..d301057
--- /dev/null
+++ b/scenarios/crowdsecurity/vsftpd-bf.md
@@ -0,0 +1,4 @@
+## Detect FTP bruteforce attack.
+
+### Rule
+leakspeed of 10s, capacity of 5
\ No newline at end of file

diff --git a/scenarios/crowdsecurity/vsftpd-bf.yaml b/scenarios/crowdsecurity/vsftpd-bf.yaml
new file mode 100644 (file)
index 0000000..e0e3c15
--- /dev/null
+++ b/scenarios/crowdsecurity/vsftpd-bf.yaml
@@ -0,0 +1,13 @@
+type: leaky
+#debug: true
+name: crowdsecurity/vsftpd-bf
+description: "Detect FTP bruteforce (vsftpd)"
+filter: evt.Meta.log_type == 'ftp_failed_auth'
+leakspeed: "10s"
+capacity: 5
+groupby: evt.Meta.source_ip
+blackhole: 5m
+labels:
+ service: ftp
+ type: bruteforce
+ remediation: true
\ No newline at end of file

diff --git a/scenarios/ltsich/.tests/http-w00tw00t/bucket_input.yaml b/scenarios/ltsich/.tests/http-w00tw00t/bucket_input.yaml
new file mode 100644 (file)
index 0000000..a40a51d
--- /dev/null
+++ b/scenarios/ltsich/.tests/http-w00tw00t/bucket_input.yaml
@@ -0,0 +1,7 @@
+- Meta:
+    source_ip: 1.2.3.4
+    log_type: http_access-log
+    MarshaledTime: 2020-12-09T07:20:50.52Z
+  Time: 2020-12-09T07:20:50.363532653+01:00
+  Parsed:
+    file_name: w00tw00t.at.ISC.SANS.DFind

diff --git a/scenarios/ltsich/.tests/http-w00tw00t/bucket_results.yaml b/scenarios/ltsich/.tests/http-w00tw00t/bucket_results.yaml
new file mode 100644 (file)
index 0000000..6902ca6
--- /dev/null
+++ b/scenarios/ltsich/.tests/http-w00tw00t/bucket_results.yaml
@@ -0,0 +1,89 @@
+- Type: 1
+  Alert:
+    MapKey: 62f4498046f2b1f4073d5aad9e639f0b719b1f05
+    Sources:
+      1.2.3.4:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.2.3.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.2.3.4
+    Alert:
+      capacity: 0
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 1
+      id: 0
+      labels: []
+      leakspeed: 0s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: ltsich/http-w00tw00t
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.2.3.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.2.3.4
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+    APIAlerts:
+    - capacity: 0
+      createdat: ""
+      decisions: []
+      events:
+      - meta:
+        - key: MarshaledTime
+          value: "2020-12-09T07:20:50.52Z"
+        - key: log_type
+          value: http_access-log
+        - key: source_ip
+          value: 1.2.3.4
+        timestamp: "2020-12-09T07:20:50.363532653+01:00"
+      eventscount: 1
+      id: 0
+      labels: []
+      leakspeed: 0s
+      machineid: ""
+      message: ""
+      meta: []
+      remediation: true
+      scenario: ltsich/http-w00tw00t
+      scenariohash: ""
+      scenarioversion: ""
+      simulated: false
+      source:
+        asname: ""
+        asnumber: ""
+        cn: ""
+        ip: 1.2.3.4
+        latitude: 0
+        longitude: 0
+        range: ""
+        scope: Ip
+        value: 1.2.3.4
+      startat: "0001-01-01T00:00:00Z"
+      stopat: "0001-01-01T00:00:00Z"
+  MarshaledTime: "0001-01-01T00:00:00Z"

diff --git a/scenarios/ltsich/.tests/http-w00tw00t/config.yaml b/scenarios/ltsich/.tests/http-w00tw00t/config.yaml
new file mode 100644 (file)
index 0000000..b4f761c
--- /dev/null
+++ b/scenarios/ltsich/.tests/http-w00tw00t/config.yaml
@@ -0,0 +1,8 @@
+bucket_input: bucket_input.yaml
+bucket_results: bucket_results.yaml
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:      
+  scenarios:
+  - ltsich/http-w00tw00t

diff --git a/scenarios/ltsich/http-w00tw00t.md b/scenarios/ltsich/http-w00tw00t.md
new file mode 100644 (file)
index 0000000..31691ba
--- /dev/null
+++ b/scenarios/ltsich/http-w00tw00t.md
@@ -0,0 +1,3 @@
+trigger scenario to detect w00tw00t pattern used by http vulnerability scanner, see [this ressource](https://isc.sans.edu/forums/diary/w00tw00t/900/)
+
+> Contributed by https://github.com/LtSich

diff --git a/scenarios/ltsich/http-w00tw00t.yaml b/scenarios/ltsich/http-w00tw00t.yaml
new file mode 100644 (file)
index 0000000..b62e6b6
--- /dev/null
+++ b/scenarios/ltsich/http-w00tw00t.yaml
@@ -0,0 +1,12 @@
+#contributed by ltsich
+type: trigger
+name: ltsich/http-w00tw00t
+description: "detect w00tw00t"
+debug: false
+filter: "evt.Meta.log_type == 'http_access-log' && evt.Parsed.file_name contains 'w00tw00t.at.ISC.SANS.DFind'"
+groupby: evt.Meta.source_ip
+blackhole: 5m
+labels:
+ service: http
+ type: scan
+ remediation: true

diff --git a/tests.sh b/tests.sh
new file mode 100755 (executable)
index 0000000..9a44a64
--- /dev/null
+++ b/tests.sh
@@ -0,0 +1,94 @@
+#!/bin/bash
+
+usage() {
+      echo "Usage:"
+      echo "    ./tests.sh -h|--help                        Display this help message."
+      echo "    ./tests.sh -i                               Init tests : prepare env tests"
+      echo "    ./tests.sh -g <CONFIG_PATH/name.yaml>       Generate new test by specifying target config (parser|scenario|postoverflow)"
+      echo "    ./tests.sh --all                            Run all tests"
+      echo "    ./tests.sh --single <MYPATH/config.yaml>    Run single test"
+
+      exit 0
+}
+
+init_tests() {
+    if [[ -n $1 ]];
+    then
+       BRANCH=$1
+       git clone --branch $BRANCH https://github.com/crowdsecurity/hub-tests.git 
+       cd hub-tests/ && go get -u github.com/crowdsecurity/crowdsec@$BRANCH || true &&  go build && cd ..
+    else
+       git clone  https://github.com/crowdsecurity/hub-tests.git
+       cd hub-tests/ &&  go build && cd ..
+    fi
+    cp -r hub-tests/config/ .
+    mkdir config/hub data && cp .index.json config/hub/
+}
+
+generate_config() {
+    if [[ -n  $1 ]];
+    then
+       TEST=$1
+       ITEM_TYPE=$(echo $TEST | awk -F "/" '{print $1}')
+       ITEM_NAME=$(echo $TEST | awk -F "/" '{print $(NF-1)"/"$(NF)}')
+       ITEM_NAME=$(echo $ITEM_NAME | awk -F "." '{print $1}')
+       mkdir -p $(dirname $TEST)/.tests/$(basename $TEST .yaml)
+       cat <<EOF > $(dirname $TEST)/.tests/$(basename $TEST .yaml)/config.yaml
+log_file:  test.log #unused for now, will need rework when acquis.yaml will part of parsers
+parser_results: parser_results.json
+bucket_input: bucket_input.yaml
+bucket_results: bucket_result.json
+postoverflow_input: postoverflow_input.yaml
+postoverflow_results: postoverflow_results.json
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+  $ITEM_TYPE:
+  - $ITEM_NAME
+EOF
+    fi
+}
+
+run_all_tests() {
+    ./hub-tests/hub-tests -glob config.yaml -junit output.xml -overall
+}
+
+run_single_test() {
+    ./hub-tests/hub-tests -single $1
+}
+
+if [[ $# -eq 0 ]]; then
+usage
+fi
+
+while [[ $# -gt 0 ]]
+do
+    key="${1}"
+    case ${key} in
+    -i)
+        init_tests ${2}
+        exit 0
+        ;;
+    -g)
+        generate_config ${2}
+        exit 0
+        ;;
+    --all)
+        run_all_tests
+        exit 0
+        ;;
+    --single)
+        run_single_test ${2}
+        exit 0
+        ;;
+    -h|--help)
+        usage
+        exit 0
+        ;;
+    *)    # unknown option
+        echo "Unknown argument ${key}."
+        usage
+        exit 1
+        ;;
+    esac
+done

diff --git a/update.go b/update.go
new file mode 100644 (file)
index 0000000..cf1f3d0
--- /dev/null
+++ b/update.go
@@ -0,0 +1,70 @@
+package main
+
+import (
+       "fmt"
+       "log"
+       "os"
+       "path"
+       "path/filepath"
+       "strings"
+)
+
+func updateType(name string, dict map[string]typeInfo, filepath string, configType string) typeInfo {
+       var tInfo typeInfo
+       tInfo = dict[name]
+       tInfo.generate(filepath, configType)
+       return tInfo
+}
+
+func updateIndex(configType string, idx map[string]map[string]typeInfo, tmpIdx map[string]map[string]typeInfo) {
+       var files []string
+       //tInfo := make(map[string]typeInfo)
+       folder := path.Join("./", configType)
+
+       idx[configType] = make(map[string]typeInfo)
+
+       err := filepath.Walk(folder, func(path string, info os.FileInfo, err error) error {
+               if strings.HasSuffix(path, ".yaml") {
+                       files = append(files, path)
+               }
+               return nil
+       })
+
+       if err != nil {
+               panic(err)
+       }
+
+       log.Printf("Updating stuff for %s", configType)
+       for _, filepath := range files {
+               var foundFile bool
+               foundFile = false
+               // only deal with filepath that starts with parsers/scenarios/postoverflows
+               if strings.HasPrefix(filepath, folder) {
+                       // we are going to check if the file is already in the index to update it
+                       if val, ok := tmpIdx[configType]; ok {
+                               var tInfo typeInfo
+                               var hubName string
+                               for name, info := range val {
+                                       if filepath == info.Path {
+                                               tInfo = updateType(name, val, filepath, configType)
+                                               hubName = name
+                                               foundFile = true
+                                               break
+                                       }
+                               }
+                               if foundFile {
+                                       idx[configType][hubName] = tInfo
+                               } else {
+                                       // the file was not found in the .index, creating a new entry
+                                       var tInfo typeInfo
+                                       hubName, err := tInfo.generate(filepath, configType)
+                                       if err != nil {
+                                               fmt.Printf("skipping '%s' because : %s\n", filepath, err.Error())
+                                       } else {
+                                               idx[configType][hubName] = tInfo
+                                       }
+                               }
+                       }
+               }
+       }
+}